-rw-r--r--main/linux-grsec/APKBUILD15
-rw-r--r--main/linux-grsec/grsecurity-2.9-3.3.2-201204172135.patch (renamed from main/linux-grsec/grsecurity-2.9-3.3.0-201204010912.patch)7388
-rw-r--r--main/linux-grsec/kernelconfig.x863
-rw-r--r--main/linux-grsec/kernelconfig.x86_643
4 files changed, 6499 insertions, 910 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 9e9028165b..eea3d28fdf 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.3.0
+pkgver=3.3.2
_kernver=3.3
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
@@ -13,7 +13,8 @@ options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
- grsecurity-2.9-3.3.0-201204010912.patch
+ http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
+ grsecurity-2.9-3.3.2-201204172135.patch
0004-arp-flush-arp-cache-on-device-change.patch
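Review bot: The added `patch-$pkgver.xz` entry in `source=` is fetched over plain `http://`, and the only integrity check on it is the MD5 line added in the `md5sums` hunk further down, so a kernel patch applied in every build relies on a digest that is no longer collision-resistant and on an unauthenticated transport. I would use an `https://` URL where the mirror offers one, pin a stronger digest if the abuild in use supports it, and check the patch against the kernel.org signature before updating the checksum. The same applies to the existing `linux-$_kernver.tar.xz` line in this hunk. Separately, `patch-$pkgver.xz` is now listed unconditionally, so a future `x.y.0` release would presumably fail at fetch time even though `prepare()` skips the patch for it.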
@@ -29,7 +30,8 @@ _abi_release=${pkgver}-${_flavor}
prepare() {
local _patch_failed=
cd "$srcdir"/linux-$_kernver
- if [ "${pkgver%.0}" != "$pkgver" ]; then
+ if [ "${pkgver%.0}" = "$pkgver" ]; then
+ msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
fi
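Review bot: With the corrected test this branch now runs for every point release, and in `unxz -c < ... | patch -p1 -N || return 1` the `|| return 1` only sees the exit status of `patch`, so an `unxz` failure partway through the stream can leave a partially patched tree without failing the build. Decompressing and applying as two checked steps closes that gap, e.g. `unxz -c < "$srcdir"/patch-$pkgver.xz > "$srcdir"/patch-$pkgver || return 1` followed by `patch -p1 -N < "$srcdir"/patch-$pkgver || return 1`. A short comment on the test would also help the next reader, such as `# pkgver does not end in .0: stable point release, apply the incremental patch`. `prepare()` continues past the end of this hunk.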
@@ -136,7 +138,8 @@ dev() {
}
md5sums="7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz
-4a84e775da56db17d11945991029482c grsecurity-2.9-3.3.0-201204010912.patch
+68907107b0f62a19608588bdb6b29e20 patch-3.3.2.xz
+8449f14948e6a7bc0de34f404d48a88d grsecurity-2.9-3.3.2-201204172135.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
-51458d030e02ea7bc134df4f37557cb0 kernelconfig.x86
-ae652877225cb3e3b8a3705b3a411d71 kernelconfig.x86_64"
+5d2818cb5329aec600ee8ffc3896a728 kernelconfig.x86
+39552b468a33a04678113c12ec6c1a91 kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-2.9-3.3.0-201204010912.patch b/main/linux-grsec/grsecurity-2.9-3.3.2-201204172135.patch
index 2ccba897a3..22c20492f9 100644
--- a/main/linux-grsec/grsecurity-2.9-3.3.0-201204010912.patch
+++ b/main/linux-grsec/grsecurity-2.9-3.3.2-201204172135.patch
@@ -1,8 +1,12 @@
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index 0c083c5..9c2512a 100644
+index 0c083c5..bf13011 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
-@@ -5,6 +5,7 @@
+@@ -2,9 +2,11 @@
+ *.aux
+ *.bin
+ *.bz2
++*.c.[012]*.*
*.cis
*.cpio
*.csp
@@ -10,7 +14,7 @@ index 0c083c5..9c2512a 100644
*.dsp
*.dvi
*.elf
-@@ -14,6 +15,7 @@
+@@ -14,6 +16,7 @@
*.gcov
*.gen.S
*.gif
@@ -18,7 +22,7 @@ index 0c083c5..9c2512a 100644
*.grep
*.grp
*.gz
-@@ -48,9 +50,11 @@
+@@ -48,9 +51,11 @@
*.tab.h
*.tex
*.ver
@@ -30,7 +34,7 @@ index 0c083c5..9c2512a 100644
*_vga16.c
*~
\#*#
-@@ -69,6 +73,7 @@ Image
+@@ -69,6 +74,7 @@ Image
Module.markers
Module.symvers
PENDING
@@ -38,7 +42,7 @@ index 0c083c5..9c2512a 100644
SCCS
System.map*
TAGS
-@@ -92,19 +97,24 @@ bounds.h
+@@ -92,19 +98,24 @@ bounds.h
bsetup
btfixupprep
build
@@ -63,7 +67,7 @@ index 0c083c5..9c2512a 100644
conmakehash
consolemap_deftbl.c*
cpustr.h
-@@ -115,9 +125,11 @@ devlist.h*
+@@ -115,9 +126,11 @@ devlist.h*
dnotify_test
docproc
dslm
@@ -75,7 +79,7 @@ index 0c083c5..9c2512a 100644
fixdep
flask.h
fore200e_mkfirm
-@@ -125,12 +137,15 @@ fore200e_pca_fw.c*
+@@ -125,12 +138,15 @@ fore200e_pca_fw.c*
gconf
gconf.glade.h
gen-devlist
@@ -91,7 +95,7 @@ index 0c083c5..9c2512a 100644
hpet_example
hugepage-mmap
hugepage-shm
-@@ -145,7 +160,7 @@ int32.c
+@@ -145,7 +161,7 @@ int32.c
int4.c
int8.c
kallsyms
@@ -100,7 +104,7 @@ index 0c083c5..9c2512a 100644
keywords.c
ksym.c*
ksym.h*
-@@ -153,7 +168,7 @@ kxgettext
+@@ -153,7 +169,7 @@ kxgettext
lkc_defs.h
lex.c
lex.*.c
@@ -109,7 +113,7 @@ index 0c083c5..9c2512a 100644
logo_*.c
logo_*_clut224.c
logo_*_mono.c
-@@ -165,14 +180,15 @@ machtypes.h
+@@ -165,14 +181,15 @@ machtypes.h
map
map_hugetlb
maui_boot.h
@@ -126,7 +130,7 @@ index 0c083c5..9c2512a 100644
mkprep
mkregtable
mktables
-@@ -208,6 +224,7 @@ r300_reg_safe.h
+@@ -208,6 +225,7 @@ r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
recordmcount
@@ -134,7 +138,7 @@ index 0c083c5..9c2512a 100644
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -218,6 +235,7 @@ setup
+@@ -218,6 +236,7 @@ setup
setup.bin
setup.elf
sImage
@@ -142,7 +146,7 @@ index 0c083c5..9c2512a 100644
sm_tbl*
split-include
syscalltab.h
-@@ -228,6 +246,7 @@ tftpboot.img
+@@ -228,6 +247,7 @@ tftpboot.img
timeconst.h
times.h*
trix_boot.h
@@ -150,7 +154,7 @@ index 0c083c5..9c2512a 100644
utsrelease.h*
vdso-syms.lds
vdso.lds
-@@ -245,7 +264,9 @@ vmlinux
+@@ -245,7 +265,9 @@ vmlinux
vmlinux-*
vmlinux.aout
vmlinux.bin.all
@@ -160,7 +164,7 @@ index 0c083c5..9c2512a 100644
vmlinuz
voffset.h
vsyscall.lds
-@@ -253,9 +274,11 @@ vsyscall_32.lds
+@@ -253,9 +275,11 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
@@ -191,7 +195,7 @@ index d99fd9c..8689fef 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 1932984..0204e68 100644
+index ddcb70a..32da20d 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -217,7 +221,7 @@ index 1932984..0204e68 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +565,50 @@ else
+@@ -564,6 +565,53 @@ else
KBUILD_CFLAGS += -O2
endif
@@ -244,10 +248,13 @@ index 1932984..0204e68 100644
+endif
+endif
+COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so
++ifdef CONFIG_PAX_SIZE_OVERFLOW
++SIZE_OVERFLOW_PLUGIN := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN
++endif
+GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS)
-+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS)
++GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN)
+GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS)
-+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN
+ifeq ($(KBUILD_EXTMOD),)
+gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
@@ -268,7 +275,7 @@ index 1932984..0204e68 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +753,7 @@ export mod_strip_cmd
+@@ -708,7 +756,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -277,7 +284,7 @@ index 1932984..0204e68 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -932,6 +977,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
+@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -286,7 +293,7 @@ index 1932984..0204e68 100644
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -941,7 +988,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -295,7 +302,7 @@ index 1932984..0204e68 100644
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -985,6 +1032,7 @@ prepare0: archprepare FORCE
+@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=.
# All the preparing..
@@ -303,7 +310,7 @@ index 1932984..0204e68 100644
prepare: prepare0
# Generate some files
-@@ -1089,6 +1137,8 @@ all: modules
+@@ -1089,6 +1140,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -312,7 +319,7 @@ index 1932984..0204e68 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1104,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1104,7 +1157,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -321,7 +328,7 @@ index 1932984..0204e68 100644
# Target to install modules
PHONY += modules_install
-@@ -1201,6 +1251,7 @@ distclean: mrproper
+@@ -1201,6 +1254,7 @@ distclean: mrproper
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
-o -name '.*.rej' \
@@ -329,7 +336,7 @@ index 1932984..0204e68 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1361,6 +1412,8 @@ PHONY += $(module-dirs) modules
+@@ -1361,6 +1415,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -338,7 +345,7 @@ index 1932984..0204e68 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1487,17 +1540,21 @@ else
+@@ -1487,17 +1543,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -364,7 +371,7 @@ index 1932984..0204e68 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1507,11 +1564,15 @@ endif
+@@ -1507,11 +1567,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -7888,6 +7895,19 @@ index be6d9e3..21fbbca 100644
ret
+ENDPROC(aesni_ctr_enc)
#endif
+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
+index 545d0ce..14841a6 100644
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -929,6 +929,8 @@ out_free_ablkcipher:
+ }
+
+ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
++ unsigned int key_len) __size_overflow(3);
++static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
+ unsigned int key_len)
+ {
+ int ret = 0;
diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S
index 391d245..67f35c2 100644
--- a/arch/x86/crypto/blowfish-x86_64-asm_64.S
@@ -9630,7 +9650,7 @@ index 46fc474..b02b0f9 100644
if (len)
diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
-index b3b7332..3935f40 100644
+index b3b7332..d81165b 100644
--- a/arch/x86/include/asm/cmpxchg.h
+++ b/arch/x86/include/asm/cmpxchg.h
@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void)
@@ -9646,6 +9666,15 @@ index b3b7332..3935f40 100644
/*
* Constants for operation sizes. On 32-bit, the 64-bit size it set to
+@@ -43,7 +47,7 @@ extern void __add_wrong_size(void)
+ switch (sizeof(*(ptr))) { \
+ case __X86_CASE_B: \
+ asm volatile (lock #op "b %b0, %1\n" \
+- : "+r" (__ret), "+m" (*(ptr)) \
++ : "+q" (__ret), "+m" (*(ptr)) \
+ : : "memory", "cc"); \
+ break; \
+ case __X86_CASE_W: \
@@ -67,6 +71,34 @@ extern void __add_wrong_size(void)
__ret; \
})
@@ -9681,7 +9710,7 @@ index b3b7332..3935f40 100644
/*
* Note: no "lock" prefix even on SMP: xchg always implies lock anyway.
* Since this is generally used to protect other memory information, we
-@@ -167,6 +199,9 @@ extern void __add_wrong_size(void)
+@@ -167,13 +199,16 @@ extern void __add_wrong_size(void)
#define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ")
#define xadd_local(ptr, inc) __xadd((ptr), (inc), "")
@@ -9691,6 +9720,14 @@ index b3b7332..3935f40 100644
#define __add(ptr, inc, lock) \
({ \
__typeof__ (*(ptr)) __ret = (inc); \
+ switch (sizeof(*(ptr))) { \
+ case __X86_CASE_B: \
+ asm volatile (lock "addb %b1, %0\n" \
+- : "+m" (*(ptr)) : "ri" (inc) \
++ : "+m" (*(ptr)) : "qi" (inc) \
+ : "memory", "cc"); \
+ break; \
+ case __X86_CASE_W: \
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 8d67d42..183d0eb 100644
--- a/arch/x86/include/asm/cpufeature.h
@@ -10000,6 +10037,18 @@ index cc70c1c..d96d011 100644
+extern void machine_emergency_restart(void) __noreturn;
#endif /* _ASM_X86_EMERGENCY_RESTART_H */
+diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy.h
+index dbe82a5..c6d8a00 100644
+--- a/arch/x86/include/asm/floppy.h
++++ b/arch/x86/include/asm/floppy.h
+@@ -157,6 +157,7 @@ static unsigned long dma_mem_alloc(unsigned long size)
+ }
+
+
++static unsigned long vdma_mem_alloc(unsigned long size) __size_overflow(1);
+ static unsigned long vdma_mem_alloc(unsigned long size)
+ {
+ return (unsigned long)vmalloc(size);
diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h
index d09bb03..4ea4194 100644
--- a/arch/x86/include/asm/futex.h
@@ -10182,7 +10231,7 @@ index 5478825..839e88c 100644
#define flush_insn_slot(p) do { } while (0)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index 52d6640..a013b87 100644
+index 52d6640..136b3bd 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -663,7 +663,7 @@ struct kvm_x86_ops {
@@ -10194,6 +10243,24 @@ index 52d6640..a013b87 100644
struct kvm_arch_async_pf {
u32 token;
+@@ -694,7 +694,7 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages);
+ int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3);
+
+ int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
+- const void *val, int bytes);
++ const void *val, int bytes) __size_overflow(2);
+ u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn);
+
+ extern bool tdp_enabled;
+@@ -781,7 +781,7 @@ int fx_init(struct kvm_vcpu *vcpu);
+
+ void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu);
+ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
+- const u8 *new, int bytes);
++ const u8 *new, int bytes) __size_overflow(2);
+ int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn);
+ int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva);
+ void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
index 9cdae5d..300d20f 100644
--- a/arch/x86/include/asm/local.h
@@ -11794,6 +11861,19 @@ index cb23852..2dde194 100644
asmlinkage long sys32_sysfs(int, u32, u32);
asmlinkage long sys32_sched_rr_get_interval(compat_pid_t,
+diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/syscalls.h
+index f1d8b44..a4de8b7 100644
+--- a/arch/x86/include/asm/syscalls.h
++++ b/arch/x86/include/asm/syscalls.h
+@@ -30,7 +30,7 @@ long sys_clone(unsigned long, unsigned long, void __user *,
+ void __user *, struct pt_regs *);
+
+ /* kernel/ldt.c */
+-asmlinkage int sys_modify_ldt(int, void __user *, unsigned long);
++asmlinkage int sys_modify_ldt(int, void __user *, unsigned long) __size_overflow(3);
+
+ /* kernel/signal.c */
+ long sys_rt_sigreturn(struct pt_regs *);
diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h
index 2d2f01c..f985723 100644
--- a/arch/x86/include/asm/system.h
@@ -12234,11 +12314,36 @@ index 8be5f54..7ae826d 100644
#ifdef CONFIG_X86_WP_WORKS_OK
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
-index 566e803..b9521e9 100644
+index 566e803..7183d0b 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
-@@ -43,6 +43,9 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero
+@@ -11,15 +11,15 @@
+ #include <asm/page.h>
+
+ unsigned long __must_check __copy_to_user_ll
+- (void __user *to, const void *from, unsigned long n);
++ (void __user *to, const void *from, unsigned long n) __size_overflow(3);
+ unsigned long __must_check __copy_from_user_ll
+- (void *to, const void __user *from, unsigned long n);
++ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
+ unsigned long __must_check __copy_from_user_ll_nozero
+- (void *to, const void __user *from, unsigned long n);
++ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
+ unsigned long __must_check __copy_from_user_ll_nocache
+- (void *to, const void __user *from, unsigned long n);
++ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
+ unsigned long __must_check __copy_from_user_ll_nocache_nozero
+- (void *to, const void __user *from, unsigned long n);
++ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
+
+ /**
+ * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking.
+@@ -41,8 +41,13 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero
+ */
+
static __always_inline unsigned long __must_check
++__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) __size_overflow(3);
++static __always_inline unsigned long __must_check
__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
{
+ if ((long)n < 0)
@@ -12247,7 +12352,7 @@ index 566e803..b9521e9 100644
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -61,6 +64,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
+@@ -61,6 +66,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
return ret;
}
}
@@ -12256,7 +12361,12 @@ index 566e803..b9521e9 100644
return __copy_to_user_ll(to, from, n);
}
-@@ -82,12 +87,16 @@ static __always_inline unsigned long __must_check
+@@ -79,15 +86,23 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
+ * On success, this will be zero.
+ */
+ static __always_inline unsigned long __must_check
++__copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3);
++static __always_inline unsigned long __must_check
__copy_to_user(void __user *to, const void *from, unsigned long n)
{
might_fault();
@@ -12265,6 +12375,8 @@ index 566e803..b9521e9 100644
}
static __always_inline unsigned long
++__copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) __size_overflow(3);
++static __always_inline unsigned long
__copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
{
+ if ((long)n < 0)
@@ -12273,7 +12385,12 @@ index 566e803..b9521e9 100644
/* Avoid zeroing the tail if the copy fails..
* If 'n' is constant and 1, 2, or 4, we do still zero on a failure,
* but as the zeroing behaviour is only significant when n is not
-@@ -137,6 +146,10 @@ static __always_inline unsigned long
+@@ -134,9 +149,15 @@ __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
+ * for explanation of why this is needed.
+ */
+ static __always_inline unsigned long
++__copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3);
++static __always_inline unsigned long
__copy_from_user(void *to, const void __user *from, unsigned long n)
{
might_fault();
@@ -12284,7 +12401,7 @@ index 566e803..b9521e9 100644
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -152,6 +165,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
+@@ -152,13 +173,21 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
return ret;
}
}
@@ -12293,7 +12410,9 @@ index 566e803..b9521e9 100644
return __copy_from_user_ll(to, from, n);
}
-@@ -159,6 +174,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to,
+ static __always_inline unsigned long __copy_from_user_nocache(void *to,
++ const void __user *from, unsigned long n) __size_overflow(3);
++static __always_inline unsigned long __copy_from_user_nocache(void *to,
const void __user *from, unsigned long n)
{
might_fault();
@@ -12304,8 +12423,13 @@ index 566e803..b9521e9 100644
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -181,15 +200,19 @@ static __always_inline unsigned long
+@@ -179,17 +208,24 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to,
+
+ static __always_inline unsigned long
__copy_from_user_inatomic_nocache(void *to, const void __user *from,
++ unsigned long n) __size_overflow(3);
++static __always_inline unsigned long
++__copy_from_user_inatomic_nocache(void *to, const void __user *from,
unsigned long n)
{
- return __copy_from_user_ll_nocache_nozero(to, from, n);
@@ -12331,7 +12455,7 @@ index 566e803..b9521e9 100644
extern void copy_from_user_overflow(void)
#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
-@@ -199,17 +222,61 @@ extern void copy_from_user_overflow(void)
+@@ -199,17 +235,65 @@ extern void copy_from_user_overflow(void)
#endif
;
@@ -12352,6 +12476,8 @@ index 566e803..b9521e9 100644
+ * On success, this will be zero.
+ */
+static inline unsigned long __must_check
++copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3);
++static inline unsigned long __must_check
+copy_to_user(void __user *to, const void *from, unsigned long n)
+{
+ int sz = __compiletime_object_size(from);
@@ -12380,6 +12506,8 @@ index 566e803..b9521e9 100644
+ * data to the requested size using zero bytes.
+ */
+static inline unsigned long __must_check
++copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3);
++static inline unsigned long __must_check
+copy_from_user(void *to, const void __user *from, unsigned long n)
{
int sz = __compiletime_object_size(to);
@@ -12400,8 +12528,18 @@ index 566e803..b9521e9 100644
return n;
}
+@@ -235,7 +319,7 @@ long __must_check __strncpy_from_user(char *dst,
+ #define strlen_user(str) strnlen_user(str, LONG_MAX)
+
+ long strnlen_user(const char __user *str, long n);
+-unsigned long __must_check clear_user(void __user *mem, unsigned long len);
+-unsigned long __must_check __clear_user(void __user *mem, unsigned long len);
++unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2);
++unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2);
+
+ #endif /* _ASM_X86_UACCESS_32_H */
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 1c66d30..e66922c 100644
+index 1c66d30..e294b5f 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -10,6 +10,9 @@
@@ -12414,23 +12552,25 @@ index 1c66d30..e66922c 100644
/*
* Copy To/From Userspace
-@@ -17,12 +20,12 @@
+@@ -17,12 +20,14 @@
/* Handles exceptions in both to and from, but doesn't do access_ok */
__must_check unsigned long
-copy_user_generic_string(void *to, const void *from, unsigned len);
-+copy_user_generic_string(void *to, const void *from, unsigned long len);
++copy_user_generic_string(void *to, const void *from, unsigned long len) __size_overflow(3);
__must_check unsigned long
-copy_user_generic_unrolled(void *to, const void *from, unsigned len);
-+copy_user_generic_unrolled(void *to, const void *from, unsigned long len);
++copy_user_generic_unrolled(void *to, const void *from, unsigned long len) __size_overflow(3);
static __always_inline __must_check unsigned long
-copy_user_generic(void *to, const void *from, unsigned len)
++copy_user_generic(void *to, const void *from, unsigned long len) __size_overflow(3);
++static __always_inline __must_check unsigned long
+copy_user_generic(void *to, const void *from, unsigned long len)
{
unsigned ret;
-@@ -32,142 +35,226 @@ copy_user_generic(void *to, const void *from, unsigned len)
+@@ -32,142 +37,237 @@ copy_user_generic(void *to, const void *from, unsigned len)
ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
"=d" (len)),
"1" (to), "2" (from), "3" (len)
@@ -12440,19 +12580,22 @@ index 1c66d30..e66922c 100644
}
+static __always_inline __must_check unsigned long
-+__copy_to_user(void __user *to, const void *from, unsigned long len);
++__copy_to_user(void __user *to, const void *from, unsigned long len) __size_overflow(3);
+static __always_inline __must_check unsigned long
-+__copy_from_user(void *to, const void __user *from, unsigned long len);
++__copy_from_user(void *to, const void __user *from, unsigned long len) __size_overflow(3);
__must_check unsigned long
-_copy_to_user(void __user *to, const void *from, unsigned len);
-__must_check unsigned long
-_copy_from_user(void *to, const void __user *from, unsigned len);
-__must_check unsigned long
-copy_in_user(void __user *to, const void __user *from, unsigned len);
-+copy_in_user(void __user *to, const void __user *from, unsigned long len);
++copy_in_user(void __user *to, const void __user *from, unsigned long len) __size_overflow(3);
static inline unsigned long __must_check copy_from_user(void *to,
const void __user *from,
++ unsigned long n) __size_overflow(3);
++static inline unsigned long __must_check copy_from_user(void *to,
++ const void __user *from,
unsigned long n)
{
- int sz = __compiletime_object_size(to);
@@ -12477,6 +12620,8 @@ index 1c66d30..e66922c 100644
static __always_inline __must_check
-int copy_to_user(void __user *dst, const void *src, unsigned size)
++int copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3);
++static __always_inline __must_check
+int copy_to_user(void __user *dst, const void *src, unsigned long size)
{
might_fault();
@@ -12489,6 +12634,8 @@ index 1c66d30..e66922c 100644
static __always_inline __must_check
-int __copy_from_user(void *dst, const void __user *src, unsigned size)
++unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) __size_overflow(3);
++static __always_inline __must_check
+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size)
{
- int ret = 0;
@@ -12577,6 +12724,8 @@ index 1c66d30..e66922c 100644
static __always_inline __must_check
-int __copy_to_user(void __user *dst, const void *src, unsigned size)
++unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3);
++static __always_inline __must_check
+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size)
{
- int ret = 0;
@@ -12665,6 +12814,8 @@ index 1c66d30..e66922c 100644
static __always_inline __must_check
-int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
++unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) __size_overflow(3);
++static __always_inline __must_check
+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size)
{
- int ret = 0;
@@ -12705,7 +12856,7 @@ index 1c66d30..e66922c 100644
ret, "b", "b", "=q", 1);
if (likely(!ret))
__put_user_asm(tmp, (u8 __user *)dst,
-@@ -176,7 +263,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -176,7 +276,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
}
case 2: {
u16 tmp;
@@ -12714,7 +12865,7 @@ index 1c66d30..e66922c 100644
ret, "w", "w", "=r", 2);
if (likely(!ret))
__put_user_asm(tmp, (u16 __user *)dst,
-@@ -186,7 +273,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -186,7 +286,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
case 4: {
u32 tmp;
@@ -12723,7 +12874,7 @@ index 1c66d30..e66922c 100644
ret, "l", "k", "=r", 4);
if (likely(!ret))
__put_user_asm(tmp, (u32 __user *)dst,
-@@ -195,7 +282,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -195,7 +295,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
}
case 8: {
u64 tmp;
@@ -12732,7 +12883,7 @@ index 1c66d30..e66922c 100644
ret, "q", "", "=r", 8);
if (likely(!ret))
__put_user_asm(tmp, (u64 __user *)dst,
-@@ -203,8 +290,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -203,8 +303,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
return ret;
}
default:
@@ -12751,11 +12902,19 @@ index 1c66d30..e66922c 100644
}
}
-@@ -219,35 +314,72 @@ __must_check unsigned long clear_user(void __user *mem, unsigned long len);
- __must_check unsigned long __clear_user(void __user *mem, unsigned long len);
+@@ -215,39 +323,83 @@ __strncpy_from_user(char *dst, const char __user *src, long count);
+ __must_check long strnlen_user(const char __user *str, long n);
+ __must_check long __strnlen_user(const char __user *str, long n);
+ __must_check long strlen_user(const char __user *str);
+-__must_check unsigned long clear_user(void __user *mem, unsigned long len);
+-__must_check unsigned long __clear_user(void __user *mem, unsigned long len);
++__must_check unsigned long clear_user(void __user *mem, unsigned long len) __size_overflow(2);
++__must_check unsigned long __clear_user(void __user *mem, unsigned long len) __size_overflow(2);
static __must_check __always_inline int
-__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
++__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) __size_overflow(3);
++static __must_check __always_inline int
+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size)
{
- return copy_user_generic(dst, (__force const void *)src, size);
@@ -12776,6 +12935,8 @@ index 1c66d30..e66922c 100644
-static __must_check __always_inline int
-__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
+static __must_check __always_inline unsigned long
++__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) __size_overflow(3);
++static __must_check __always_inline unsigned long
+__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size)
{
- return copy_user_generic((__force void *)dst, src, size);
@@ -12796,10 +12957,11 @@ index 1c66d30..e66922c 100644
-extern long __copy_user_nocache(void *dst, const void __user *src,
- unsigned size, int zerorest);
+extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
-+ unsigned long size, int zerorest);
++ unsigned long size, int zerorest) __size_overflow(3);
-static inline int
-__copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
++static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) __size_overflow(3);
+static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size)
{
might_sleep();
@@ -12819,6 +12981,8 @@ index 1c66d30..e66922c 100644
-__copy_from_user_inatomic_nocache(void *dst, const void __user *src,
- unsigned size)
+static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
++ unsigned long size) __size_overflow(3);
++static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
+ unsigned long size)
{
+ if (size > INT_MAX)
@@ -12835,7 +12999,7 @@ index 1c66d30..e66922c 100644
-unsigned long
-copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
+extern unsigned long
-+copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest);
++copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest) __size_overflow(3);
#endif /* _ASM_X86_UACCESS_64_H */
diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h
@@ -13598,6 +13762,19 @@ index 3e6ff6c..54b4992 100644
load_idt(&idt_descr);
}
#endif
+diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c
+index fc4beb3..f20a5a7 100644
+--- a/arch/x86/kernel/cpu/mcheck/mce-inject.c
++++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c
+@@ -199,6 +199,8 @@ static void raise_mce(struct mce *m)
+
+ /* Error injection interface */
+ static ssize_t mce_write(struct file *filp, const char __user *ubuf,
++ size_t usize, loff_t *off) __size_overflow(3);
++static ssize_t mce_write(struct file *filp, const char __user *ubuf,
+ size_t usize, loff_t *off)
+ {
+ struct mce m;
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
index 5a11ae2..a1a1c8a 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
@@ -13767,6 +13944,19 @@ index 54060f5..c1a7577 100644
/* Make sure the vector pointer is visible before we enable MCEs: */
wmb();
+diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c
+index 7928963..1b16001 100644
+--- a/arch/x86/kernel/cpu/mtrr/if.c
++++ b/arch/x86/kernel/cpu/mtrr/if.c
+@@ -91,6 +91,8 @@ mtrr_file_del(unsigned long base, unsigned long size,
+ * "base=%Lx size=%Lx type=%s" or "disable=%d"
+ */
+ static ssize_t
++mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos) __size_overflow(3);
++static ssize_t
+ mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos)
+ {
+ int i, err;
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
index 6b96110..0da73eb 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
@@ -14206,23 +14396,10 @@ index 9b9f18b..9fcaa04 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index 79d97e6..76aaad7 100644
+index 7b784f4..76aaad7 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
-@@ -98,12 +98,6 @@
- #endif
- .endm
-
--#ifdef CONFIG_VM86
--#define resume_userspace_sig check_userspace
--#else
--#define resume_userspace_sig resume_userspace
--#endif
--
- /*
- * User gs save/restore
- *
-@@ -185,13 +179,146 @@
+@@ -179,13 +179,146 @@
/*CFI_REL_OFFSET gs, PT_GS*/
.endm
.macro SET_KERNEL_GS reg
@@ -14370,7 +14547,7 @@ index 79d97e6..76aaad7 100644
cld
PUSH_GS
pushl_cfi %fs
-@@ -214,7 +341,7 @@
+@@ -208,7 +341,7 @@
CFI_REL_OFFSET ecx, 0
pushl_cfi %ebx
CFI_REL_OFFSET ebx, 0
@@ -14379,7 +14556,7 @@ index 79d97e6..76aaad7 100644
movl %edx, %ds
movl %edx, %es
movl $(__KERNEL_PERCPU), %edx
-@@ -222,6 +349,15 @@
+@@ -216,6 +349,15 @@
SET_KERNEL_GS %edx
.endm
@@ -14395,7 +14572,7 @@ index 79d97e6..76aaad7 100644
.macro RESTORE_INT_REGS
popl_cfi %ebx
CFI_RESTORE ebx
-@@ -307,7 +443,7 @@ ENTRY(ret_from_fork)
+@@ -301,7 +443,7 @@ ENTRY(ret_from_fork)
popfl_cfi
jmp syscall_exit
CFI_ENDPROC
@@ -14404,24 +14581,9 @@ index 79d97e6..76aaad7 100644
/*
* Interrupt exit functions should be protected against kprobes
-@@ -327,12 +463,29 @@ ret_from_exception:
- preempt_stop(CLBR_ANY)
- ret_from_intr:
- GET_THREAD_INFO(%ebp)
--check_userspace:
-+resume_userspace_sig:
-+#ifdef CONFIG_VM86
- movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS
- movb PT_CS(%esp), %al
- andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
-+#else
-+ /*
-+ * We can be coming here from a syscall done in the kernel space,
-+ * e.g. a failed kernel_execve().
-+ */
-+ movl PT_CS(%esp), %eax
-+ andl $SEGMENT_RPL_MASK, %eax
-+#endif
+@@ -335,7 +477,15 @@ resume_userspace_sig:
+ andl $SEGMENT_RPL_MASK, %eax
+ #endif
cmpl $USER_RPL, %eax
+
+#ifdef CONFIG_PAX_KERNEXEC
@@ -14435,7 +14597,7 @@ index 79d97e6..76aaad7 100644
ENTRY(resume_userspace)
LOCKDEP_SYS_EXIT
-@@ -344,8 +497,8 @@ ENTRY(resume_userspace)
+@@ -347,8 +497,8 @@ ENTRY(resume_userspace)
andl $_TIF_WORK_MASK, %ecx # is there any work to be done on
# int/exception return?
jne work_pending
@@ -14446,7 +14608,7 @@ index 79d97e6..76aaad7 100644
#ifdef CONFIG_PREEMPT
ENTRY(resume_kernel)
-@@ -360,7 +513,7 @@ need_resched:
+@@ -363,7 +513,7 @@ need_resched:
jz restore_all
call preempt_schedule_irq
jmp need_resched
@@ -14455,7 +14617,7 @@ index 79d97e6..76aaad7 100644
#endif
CFI_ENDPROC
/*
-@@ -394,23 +547,34 @@ sysenter_past_esp:
+@@ -397,23 +547,34 @@ sysenter_past_esp:
/*CFI_REL_OFFSET cs, 0*/
/*
* Push current_thread_info()->sysenter_return to the stack.
@@ -14493,7 +14655,7 @@ index 79d97e6..76aaad7 100644
movl %ebp,PT_EBP(%esp)
.section __ex_table,"a"
.align 4
-@@ -433,12 +597,24 @@ sysenter_do_call:
+@@ -436,12 +597,24 @@ sysenter_do_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
sysenter_exit:
@@ -14518,7 +14680,7 @@ index 79d97e6..76aaad7 100644
PTGS_TO_GS
ENABLE_INTERRUPTS_SYSEXIT
-@@ -455,6 +631,9 @@ sysenter_audit:
+@@ -458,6 +631,9 @@ sysenter_audit:
movl %eax,%edx /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -14528,7 +14690,7 @@ index 79d97e6..76aaad7 100644
pushl_cfi %ebx
movl PT_EAX(%esp),%eax /* reload syscall number */
jmp sysenter_do_call
-@@ -480,11 +659,17 @@ sysexit_audit:
+@@ -483,11 +659,17 @@ sysexit_audit:
CFI_ENDPROC
.pushsection .fixup,"ax"
@@ -14548,7 +14710,7 @@ index 79d97e6..76aaad7 100644
.popsection
PTGS_TO_GS_EX
ENDPROC(ia32_sysenter_target)
-@@ -517,6 +702,15 @@ syscall_exit:
+@@ -520,6 +702,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
@@ -14564,7 +14726,7 @@ index 79d97e6..76aaad7 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -576,14 +770,34 @@ ldt_ss:
+@@ -579,14 +770,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -14602,7 +14764,7 @@ index 79d97e6..76aaad7 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -612,38 +826,30 @@ work_resched:
+@@ -615,38 +826,30 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -14646,7 +14808,7 @@ index 79d97e6..76aaad7 100644
# perform syscall exit tracing
ALIGN
-@@ -651,11 +857,14 @@ syscall_trace_entry:
+@@ -654,11 +857,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -14662,7 +14824,7 @@ index 79d97e6..76aaad7 100644
# perform syscall exit tracing
ALIGN
-@@ -668,20 +877,24 @@ syscall_exit_work:
+@@ -671,20 +877,24 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -14690,7 +14852,7 @@ index 79d97e6..76aaad7 100644
CFI_ENDPROC
/*
* End of kprobes section
-@@ -753,6 +966,36 @@ ENTRY(ptregs_clone)
+@@ -756,6 +966,36 @@ ENTRY(ptregs_clone)
CFI_ENDPROC
ENDPROC(ptregs_clone)
@@ -14727,7 +14889,7 @@ index 79d97e6..76aaad7 100644
.macro FIXUP_ESPFIX_STACK
/*
* Switch back for ESPFIX stack to the normal zerobased stack
-@@ -762,8 +1005,15 @@ ENDPROC(ptregs_clone)
+@@ -765,8 +1005,15 @@ ENDPROC(ptregs_clone)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
@@ -14745,7 +14907,7 @@ index 79d97e6..76aaad7 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -816,7 +1066,7 @@ vector=vector+1
+@@ -819,7 +1066,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -14754,7 +14916,7 @@ index 79d97e6..76aaad7 100644
.previous
END(interrupt)
-@@ -864,7 +1114,7 @@ ENTRY(coprocessor_error)
+@@ -867,7 +1114,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -14763,7 +14925,7 @@ index 79d97e6..76aaad7 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -885,7 +1135,7 @@ ENTRY(simd_coprocessor_error)
+@@ -888,7 +1135,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -14772,7 +14934,7 @@ index 79d97e6..76aaad7 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -893,7 +1143,7 @@ ENTRY(device_not_available)
+@@ -896,7 +1143,7 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -14781,7 +14943,7 @@ index 79d97e6..76aaad7 100644
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
-@@ -902,12 +1152,12 @@ ENTRY(native_iret)
+@@ -905,12 +1152,12 @@ ENTRY(native_iret)
.align 4
.long native_iret, iret_exc
.previous
@@ -14796,7 +14958,7 @@ index 79d97e6..76aaad7 100644
#endif
ENTRY(overflow)
-@@ -916,7 +1166,7 @@ ENTRY(overflow)
+@@ -919,7 +1166,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -14805,7 +14967,7 @@ index 79d97e6..76aaad7 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -924,7 +1174,7 @@ ENTRY(bounds)
+@@ -927,7 +1174,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -14814,7 +14976,7 @@ index 79d97e6..76aaad7 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -932,7 +1182,7 @@ ENTRY(invalid_op)
+@@ -935,7 +1182,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -14823,7 +14985,7 @@ index 79d97e6..76aaad7 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -940,35 +1190,35 @@ ENTRY(coprocessor_segment_overrun)
+@@ -943,35 +1190,35 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -14864,7 +15026,7 @@ index 79d97e6..76aaad7 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -976,7 +1226,7 @@ ENTRY(divide_error)
+@@ -979,7 +1226,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -14873,7 +15035,7 @@ index 79d97e6..76aaad7 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -985,7 +1235,7 @@ ENTRY(machine_check)
+@@ -988,7 +1235,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -14882,7 +15044,7 @@ index 79d97e6..76aaad7 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -994,7 +1244,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -997,7 +1244,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -14891,7 +15053,7 @@ index 79d97e6..76aaad7 100644
/*
* End of kprobes section
*/
-@@ -1109,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1112,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
ENTRY(mcount)
ret
@@ -14900,7 +15062,7 @@ index 79d97e6..76aaad7 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1138,7 +1388,7 @@ ftrace_graph_call:
+@@ -1141,7 +1388,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -14909,7 +15071,7 @@ index 79d97e6..76aaad7 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -1174,7 +1424,7 @@ trace:
+@@ -1177,7 +1424,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -14918,7 +15080,7 @@ index 79d97e6..76aaad7 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1195,7 +1445,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1198,7 +1445,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -14927,7 +15089,7 @@ index 79d97e6..76aaad7 100644
.globl return_to_handler
return_to_handler:
-@@ -1250,15 +1500,18 @@ error_code:
+@@ -1253,15 +1500,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -14948,7 +15110,7 @@ index 79d97e6..76aaad7 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1300,7 +1553,7 @@ debug_stack_correct:
+@@ -1303,7 +1553,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -14957,7 +15119,7 @@ index 79d97e6..76aaad7 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1337,6 +1590,9 @@ nmi_stack_correct:
+@@ -1340,6 +1590,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -14967,7 +15129,7 @@ index 79d97e6..76aaad7 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1373,12 +1629,15 @@ nmi_espfix_stack:
+@@ -1376,12 +1629,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -14984,7 +15146,7 @@ index 79d97e6..76aaad7 100644
ENTRY(int3)
RING0_INT_FRAME
-@@ -1390,14 +1649,14 @@ ENTRY(int3)
+@@ -1393,14 +1649,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -15001,7 +15163,7 @@ index 79d97e6..76aaad7 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1405,7 +1664,7 @@ ENTRY(async_page_fault)
+@@ -1408,7 +1664,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -16851,6 +17013,79 @@ index 9c3bd4a..e1d9b35 100644
+#ifdef CONFIG_PAX_KERNEXEC
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
+diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
+index 739d859..d1d6be7 100644
+--- a/arch/x86/kernel/i387.c
++++ b/arch/x86/kernel/i387.c
+@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset)
+
+ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
++ void *kbuf, void __user *ubuf) __size_overflow(4);
++int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
+ int ret;
+@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
+
+ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
++ const void *kbuf, const void __user *ubuf) __size_overflow(4);
++int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
+ {
+ int ret;
+@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
+
+ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
++ void *kbuf, void __user *ubuf) __size_overflow(4);
++int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
+ int ret;
+@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
+
+ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
++ const void *kbuf, const void __user *ubuf) __size_overflow(4);
++int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
+ {
+ int ret;
+@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk,
+
+ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
++ void *kbuf, void __user *ubuf) __size_overflow(3,4);
++int fpregs_get(struct task_struct *target, const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
+ struct user_i387_ia32_struct env;
+@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
+
+ int fpregs_set(struct task_struct *target, const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
++ const void *kbuf, const void __user *ubuf) __size_overflow(3,4);
++int fpregs_set(struct task_struct *target, const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
+ const void *kbuf, const void __user *ubuf)
+ {
+ struct user_i387_ia32_struct env;
+@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
+ }
+
+ static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf,
++ unsigned int size) __size_overflow(2);
++static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf,
+ unsigned int size)
+ {
+ struct task_struct *tsk = current;
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
index 6104852..6114160 100644
--- a/arch/x86/kernel/i8259.c
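Review bot: The six regset handlers annotated in this i387.c section all take `pos` and `count` as arguments 3 and 4, yet xfpregs_get, xfpregs_set, xstateregs_get and xstateregs_set are marked `__size_overflow(4)` while fpregs_get and fpregs_set are marked `__size_overflow(3,4)`. Nothing visible here explains why `pos` is tracked for only two of them; ioperm_get in the ptrace.c section also uses `(3,4)`, and tls.h annotates regset_tls_set but not regset_tls_get. If the difference is not deliberate, the four prototypes would end in `void *kbuf, void __user *ubuf) __size_overflow(3,4);` (with `const` on the setters). If it is deliberate, a one-line comment above the first prototype saying which argument feeds a length would save the next rebase from guessing. The function bodies lie outside the hunk.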
@@ -17127,11 +17362,24 @@ index d04d3ec..ea4b374 100644
return;
if (regs->sp >= curbase + sizeof(struct thread_info) +
+diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c
+index 90fcf62..e682cdd 100644
+--- a/arch/x86/kernel/kdebugfs.c
++++ b/arch/x86/kernel/kdebugfs.c
+@@ -28,6 +28,8 @@ struct setup_data_node {
+ };
+
+ static ssize_t setup_data_read(struct file *file, char __user *user_buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t setup_data_read(struct file *file, char __user *user_buf,
+ size_t count, loff_t *ppos)
+ {
+ struct setup_data_node *node = file->private_data;
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
-index faba577..93b9e71 100644
+index 2f45c4c..d95504f 100644
--- a/arch/x86/kernel/kgdb.c
+++ b/arch/x86/kernel/kgdb.c
-@@ -124,11 +124,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs)
+@@ -126,11 +126,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs)
#ifdef CONFIG_X86_32
switch (regno) {
case GDB_SS:
@@ -17145,7 +17393,7 @@ index faba577..93b9e71 100644
*(unsigned long *)mem = kernel_stack_pointer(regs);
break;
case GDB_GS:
-@@ -473,12 +473,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
+@@ -475,12 +475,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
case 'k':
/* clear the trace bit */
linux_regs->flags &= ~X86_EFLAGS_TF;
@@ -17160,7 +17408,7 @@ index faba577..93b9e71 100644
raw_smp_processor_id());
}
-@@ -543,7 +543,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
+@@ -545,7 +545,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
switch (cmd) {
case DIE_DEBUG:
@@ -17317,7 +17565,7 @@ index 7da647d..56fe348 100644
insn_buf[0] = RELATIVEJUMP_OPCODE;
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index ea69726..604d066 100644
+index ea69726..a305f16 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
@@ -17370,7 +17618,23 @@ index ea69726..604d066 100644
return retval;
}
-@@ -230,6 +248,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -141,6 +159,7 @@ void destroy_context(struct mm_struct *mm)
+ }
+ }
+
++static int read_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2);
+ static int read_ldt(void __user *ptr, unsigned long bytecount)
+ {
+ int err;
+@@ -175,6 +194,7 @@ error_return:
+ return err;
+ }
+
++static int read_default_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2);
+ static int read_default_ldt(void __user *ptr, unsigned long bytecount)
+ {
+ /* CHECKME: Can we use _one_ random number ? */
+@@ -230,6 +250,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
@@ -17416,11 +17680,14 @@ index a3fa43b..8966f4c 100644
relocate_kernel_ptr = control_page;
page_list[PA_CONTROL_PAGE] = __pa(control_page);
diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c
-index 3ca42d0..7cff8cc 100644
+index 3ca42d0..79d24cd 100644
--- a/arch/x86/kernel/microcode_intel.c
+++ b/arch/x86/kernel/microcode_intel.c
-@@ -436,13 +436,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device)
+@@ -434,15 +434,16 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device)
+ return ret;
+ }
++static int get_ucode_user(void *to, const void *from, size_t n) __size_overflow(3);
static int get_ucode_user(void *to, const void *from, size_t n)
{
- return copy_from_user(to, from, n);
@@ -17436,14 +17703,15 @@ index 3ca42d0..7cff8cc 100644
static void microcode_fini_cpu(int cpu)
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
-index 925179f..267ac7a 100644
+index 925179f..1f0d561 100644
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
-@@ -36,15 +36,60 @@
+@@ -36,15 +36,61 @@
#define DEBUGP(fmt...)
#endif
-void *module_alloc(unsigned long size)
++static inline void *__module_alloc(unsigned long size, pgprot_t prot) __size_overflow(1);
+static inline void *__module_alloc(unsigned long size, pgprot_t prot)
{
- if (PAGE_ALIGN(size) > MODULES_LEN)
@@ -17503,7 +17771,7 @@ index 925179f..267ac7a 100644
#ifdef CONFIG_X86_32
int apply_relocate(Elf32_Shdr *sechdrs,
const char *strtab,
-@@ -55,14 +100,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+@@ -55,14 +101,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
unsigned int i;
Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
Elf32_Sym *sym;
@@ -17523,7 +17791,7 @@ index 925179f..267ac7a 100644
/* This is the symbol it is referring to. Note that all
undefined symbols have been resolved. */
sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
-@@ -71,11 +118,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+@@ -71,11 +119,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
switch (ELF32_R_TYPE(rel[i].r_info)) {
case R_386_32:
/* We add the value into the location given */
@@ -17541,7 +17809,7 @@ index 925179f..267ac7a 100644
break;
default:
printk(KERN_ERR "module %s: Unknown relocation: %u\n",
-@@ -120,21 +171,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
+@@ -120,21 +172,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
case R_X86_64_NONE:
break;
case R_X86_64_64:
@@ -18055,10 +18323,21 @@ index cfa5c90..4facd28 100644
ip = *(u64 *)(fp+8);
if (!in_sched_functions(ip))
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 5026738..9e6d6dc 100644
+index 5026738..e1b5aa8 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
-@@ -823,7 +823,7 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -792,6 +792,10 @@ static int ioperm_active(struct task_struct *target,
+ static int ioperm_get(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
++ void *kbuf, void __user *ubuf) __size_overflow(3,4);
++static int ioperm_get(struct task_struct *target,
++ const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
+ if (!target->thread.io_bitmap_ptr)
+@@ -823,7 +827,7 @@ long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data)
{
int ret;
@@ -18067,7 +18346,7 @@ index 5026738..9e6d6dc 100644
switch (request) {
/* read the word at location addr in the USER area. */
-@@ -908,14 +908,14 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -908,14 +912,14 @@ long arch_ptrace(struct task_struct *child, long request,
if ((int) addr < 0)
return -EIO;
ret = do_get_thread_area(child, addr,
@@ -18084,7 +18363,7 @@ index 5026738..9e6d6dc 100644
break;
#endif
-@@ -1332,7 +1332,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
+@@ -1332,7 +1336,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
memset(info, 0, sizeof(*info));
info->si_signo = SIGTRAP;
info->si_code = si_code;
@@ -18331,7 +18610,7 @@ index d7d5099..28555d0 100644
bss_resource.start = virt_to_phys(&__bss_start);
bss_resource.end = virt_to_phys(&__bss_stop)-1;
diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c
-index 71f4727..16dc9f7 100644
+index 71f4727..217419b 100644
--- a/arch/x86/kernel/setup_percpu.c
+++ b/arch/x86/kernel/setup_percpu.c
@@ -21,19 +21,17 @@
@@ -18358,7 +18637,25 @@ index 71f4727..16dc9f7 100644
[0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
};
EXPORT_SYMBOL(__per_cpu_offset);
-@@ -155,10 +153,10 @@ static inline void setup_percpu_segment(int cpu)
+@@ -96,6 +94,8 @@ static bool __init pcpu_need_numa(void)
+ * Pointer to the allocated area on success, NULL on failure.
+ */
+ static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size,
++ unsigned long align) __size_overflow(2);
++static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size,
+ unsigned long align)
+ {
+ const unsigned long goal = __pa(MAX_DMA_ADDRESS);
+@@ -124,6 +124,8 @@ static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size,
+ /*
+ * Helpers for first chunk memory allocation
+ */
++static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align) __size_overflow(2);
++
+ static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align)
+ {
+ return pcpu_alloc_bootmem(cpu, size, align);
+@@ -155,10 +157,10 @@ static inline void setup_percpu_segment(int cpu)
{
#ifdef CONFIG_X86_32
struct desc_struct gdt;
@@ -18372,7 +18669,7 @@ index 71f4727..16dc9f7 100644
write_gdt_entry(get_cpu_gdt_table(cpu),
GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
#endif
-@@ -207,6 +205,11 @@ void __init setup_per_cpu_areas(void)
+@@ -207,6 +209,11 @@ void __init setup_per_cpu_areas(void)
/* alrighty, percpu areas up and running */
delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
for_each_possible_cpu(cpu) {
@@ -18384,7 +18681,7 @@ index 71f4727..16dc9f7 100644
per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu];
per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
per_cpu(cpu_number, cpu) = cpu;
-@@ -247,6 +250,12 @@ void __init setup_per_cpu_areas(void)
+@@ -247,6 +254,12 @@ void __init setup_per_cpu_areas(void)
*/
set_cpu_numa_node(cpu, early_cpu_to_node(cpu));
#endif
@@ -19022,7 +19319,7 @@ index dd5fbf4..b7f2232 100644
return pc;
}
diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
-index 6bb7b85..8f88b4a 100644
+index bcfec2d..8f88b4a 100644
--- a/arch/x86/kernel/tls.c
+++ b/arch/x86/kernel/tls.c
@@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
@@ -19037,24 +19334,18 @@ index 6bb7b85..8f88b4a 100644
set_tls_desc(p, idx, &info, 1);
return 0;
-@@ -163,7 +168,7 @@ int regset_tls_get(struct task_struct *target, const struct user_regset *regset,
- {
- const struct desc_struct *tls;
-
-- if (pos > GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
-+ if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
- (pos % sizeof(struct user_desc)) != 0 ||
- (count % sizeof(struct user_desc)) != 0)
- return -EINVAL;
-@@ -198,7 +203,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
- struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES];
- const struct user_desc *info;
-
-- if (pos > GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
-+ if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
- (pos % sizeof(struct user_desc)) != 0 ||
- (count % sizeof(struct user_desc)) != 0)
- return -EINVAL;
+diff --git a/arch/x86/kernel/tls.h b/arch/x86/kernel/tls.h
+index 2f083a2..7d3fecc 100644
+--- a/arch/x86/kernel/tls.h
++++ b/arch/x86/kernel/tls.h
+@@ -16,6 +16,6 @@
+
+ extern user_regset_active_fn regset_tls_active;
+ extern user_regset_get_fn regset_tls_get;
+-extern user_regset_set_fn regset_tls_set;
++extern user_regset_set_fn regset_tls_set __size_overflow(4);
+
+ #endif /* _ARCH_X86_KERNEL_TLS_H */
diff --git a/arch/x86/kernel/trampoline_32.S b/arch/x86/kernel/trampoline_32.S
index 451c0a7..e57f551 100644
--- a/arch/x86/kernel/trampoline_32.S
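Review bot: Dropping the two `pos >=` hunks for regset_tls_get and regset_tls_set is only safe if the 3.3.2 base already contains that bounds check, and nothing would fail at patch time if it did not, because the remaining `do_set_thread_area` hunk does not depend on those lines. The changed base blob (`6bb7b85` to `bcfec2d`) suggests the stable patch touched tls.c, but the check itself is not visible here. Before merging, confirm that the patched tree has `if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||` in both functions; with `>` a `pos` equal to the table size passes validation.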
@@ -19262,7 +19553,7 @@ index b9242ba..50c5edd 100644
* verify_cpu, returns the status of longmode and SSE in register %eax.
* 0: Success 1: Failure
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
-index b466cab..a0df083 100644
+index 328cb37..f37fee1 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -41,6 +41,7 @@
@@ -19273,7 +19564,17 @@ index b466cab..a0df083 100644
#include <asm/uaccess.h>
#include <asm/io.h>
-@@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs)
+@@ -109,6 +110,9 @@ static int copy_vm86_regs_to_user(struct vm86_regs __user *user,
+ /* convert vm86_regs to kernel_vm86_regs */
+ static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs,
+ const struct vm86_regs __user *user,
++ unsigned extra) __size_overflow(3);
++static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs,
++ const struct vm86_regs __user *user,
+ unsigned extra)
+ {
+ int ret = 0;
+@@ -148,7 +152,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs)
do_exit(SIGSEGV);
}
@@ -19282,7 +19583,7 @@ index b466cab..a0df083 100644
current->thread.sp0 = current->thread.saved_sp0;
current->thread.sysenter_cs = __KERNEL_CS;
load_sp0(tss, &current->thread);
-@@ -208,6 +209,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs)
+@@ -210,6 +214,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs)
struct task_struct *tsk;
int tmp, ret = -EPERM;
@@ -19296,7 +19597,7 @@ index b466cab..a0df083 100644
tsk = current;
if (tsk->thread.saved_sp0)
goto out;
-@@ -238,6 +246,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs)
+@@ -240,6 +251,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs)
int tmp, ret;
struct vm86plus_struct __user *v86;
@@ -19311,7 +19612,7 @@ index b466cab..a0df083 100644
tsk = current;
switch (cmd) {
case VM86_REQUEST_IRQ:
-@@ -324,7 +340,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
+@@ -326,7 +345,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
tsk->thread.saved_fs = info->regs32->fs;
tsk->thread.saved_gs = get_user_gs(info->regs32);
@@ -19320,7 +19621,7 @@ index b466cab..a0df083 100644
tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
if (cpu_has_sep)
tsk->thread.sysenter_cs = 0;
-@@ -531,7 +547,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
+@@ -533,7 +552,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
goto cannot_handle;
if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
goto cannot_handle;
@@ -19796,10 +20097,18 @@ index 1561028..0ed7f14 100644
goto error;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index e385214..f8df033 100644
+index e385214..029e9dd 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -3051,6 +3051,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data)
+ return 0;
+ }
+
++static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3);
+ static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data)
+ {
+ struct vcpu_svm *svm = to_svm(vcpu);
+@@ -3420,7 +3421,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
@@ -19811,7 +20120,7 @@ index e385214..f8df033 100644
load_TR_desc();
}
-@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -3798,6 +3803,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
@@ -19905,10 +20214,23 @@ index 3b4c8d8..f457b63 100644
vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 9cbfc06..7ddc9fa 100644
+index 9cbfc06..943ffa6 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -1311,8 +1311,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -873,6 +873,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
+ return kvm_set_msr(vcpu, index, *data);
+ }
+
++static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) __size_overflow(2);
+ static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock)
+ {
+ int version;
+@@ -1307,12 +1308,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data)
+ return 0;
+ }
+
++static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) __size_overflow(2);
+ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
@@ -19919,7 +20241,7 @@ index 9cbfc06..7ddc9fa 100644
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2145,6 +2145,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2145,6 +2147,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
@@ -19928,7 +20250,7 @@ index 9cbfc06..7ddc9fa 100644
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -2266,7 +2268,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
+@@ -2266,7 +2270,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
struct kvm_interrupt *irq)
{
@@ -19937,7 +20259,67 @@ index 9cbfc06..7ddc9fa 100644
return -EINVAL;
if (irqchip_in_kernel(vcpu->kvm))
return -ENXIO;
-@@ -4780,7 +4782,7 @@ static void kvm_set_mmio_spte_mask(void)
+@@ -3497,6 +3501,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
+
+ static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
+ struct kvm_vcpu *vcpu, u32 access,
++ struct x86_exception *exception) __size_overflow(1,3);
++static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
++ struct kvm_vcpu *vcpu, u32 access,
+ struct x86_exception *exception)
+ {
+ void *data = val;
+@@ -3528,6 +3535,9 @@ out:
+ /* used for instruction fetching */
+ static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt,
+ gva_t addr, void *val, unsigned int bytes,
++ struct x86_exception *exception) __size_overflow(2,4);
++static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt,
++ gva_t addr, void *val, unsigned int bytes,
+ struct x86_exception *exception)
+ {
+ struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
+@@ -3552,6 +3562,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt);
+
+ static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,
+ gva_t addr, void *val, unsigned int bytes,
++ struct x86_exception *exception) __size_overflow(2,4);
++static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,
++ gva_t addr, void *val, unsigned int bytes,
+ struct x86_exception *exception)
+ {
+ struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
+@@ -3665,12 +3678,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes)
+ }
+
+ static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
++ void *val, int bytes) __size_overflow(2);
++static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
+ void *val, int bytes)
+ {
+ return !kvm_read_guest(vcpu->kvm, gpa, val, bytes);
+ }
+
+ static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
++ void *val, int bytes) __size_overflow(2);
++static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
+ void *val, int bytes)
+ {
+ return emulator_write_phys(vcpu, gpa, val, bytes);
+@@ -3821,6 +3838,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
+ const void *old,
+ const void *new,
+ unsigned int bytes,
++ struct x86_exception *exception) __size_overflow(5);
++static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
++ unsigned long addr,
++ const void *old,
++ const void *new,
++ unsigned int bytes,
+ struct x86_exception *exception)
+ {
+ struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
+@@ -4780,7 +4803,7 @@ static void kvm_set_mmio_spte_mask(void)
kvm_mmu_set_mmio_spte_mask(mask);
}
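Review bot: The new `__size_overflow(2)` prototypes for `read_emulate` and `write_emulate` mark `gpa` but leave the `int bytes` length at position 4 unannotated. The neighbouring `kvm_fetch_guest_virt` and `kvm_read_guest_virt_system` prototypes in this same hunk use `(2,4)`, and `emulator_cmpxchg_emulated` uses `(5)` for its `bytes`. The attribute's definition is not visible here, so this may be deliberate, but it is worth confirming because `bytes` is the length handed to `kvm_read_guest` and `emulator_write_phys`. If it is an omission, the prototypes would end in `void *val, int bytes) __size_overflow(2,4);`. If it is intended, a one-line comment above the two prototypes saying why only `gpa` is tracked would stop a later rebase from changing it.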
@@ -19946,6 +20328,24 @@ index 9cbfc06..7ddc9fa 100644
{
int r;
struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
+diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
+index cb80c29..aeee86c 100644
+--- a/arch/x86/kvm/x86.h
++++ b/arch/x86/kvm/x86.h
+@@ -116,11 +116,11 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data);
+
+ int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt,
+ gva_t addr, void *val, unsigned int bytes,
+- struct x86_exception *exception);
++ struct x86_exception *exception) __size_overflow(2,4);
+
+ int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt,
+ gva_t addr, void *val, unsigned int bytes,
+- struct x86_exception *exception);
++ struct x86_exception *exception) __size_overflow(2,4);
+
+ extern u64 host_xcr0;
+
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index 642d880..44e0f3f 100644
--- a/arch/x86/lguest/boot.c
@@ -22219,7 +22619,7 @@ index a63efd6..ccecad8 100644
ret
CFI_ENDPROC
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
-index e218d5d..35679b4 100644
+index e218d5d..a99a1eb 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -43,7 +43,7 @@ do { \
@@ -22322,7 +22722,7 @@ index e218d5d..35679b4 100644
" addl $-64, %0\n"
" addl $64, %4\n"
" addl $64, %3\n"
-@@ -278,10 +282,119 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
+@@ -278,10 +282,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
" shrl $2, %0\n"
" andl $3, %%eax\n"
" cld\n"
@@ -22332,58 +22732,13 @@ index e218d5d..35679b4 100644
"37: rep; movsb\n"
"100:\n"
+ __COPYUSER_RESTORE_ES
-+ ".section .fixup,\"ax\"\n"
-+ "101: lea 0(%%eax,%0,4),%0\n"
-+ " jmp 100b\n"
-+ ".previous\n"
-+ ".section __ex_table,\"a\"\n"
-+ " .align 4\n"
-+ " .long 1b,100b\n"
-+ " .long 2b,100b\n"
-+ " .long 3b,100b\n"
-+ " .long 4b,100b\n"
-+ " .long 5b,100b\n"
-+ " .long 6b,100b\n"
-+ " .long 7b,100b\n"
-+ " .long 8b,100b\n"
-+ " .long 9b,100b\n"
-+ " .long 10b,100b\n"
-+ " .long 11b,100b\n"
-+ " .long 12b,100b\n"
-+ " .long 13b,100b\n"
-+ " .long 14b,100b\n"
-+ " .long 15b,100b\n"
-+ " .long 16b,100b\n"
-+ " .long 17b,100b\n"
-+ " .long 18b,100b\n"
-+ " .long 19b,100b\n"
-+ " .long 20b,100b\n"
-+ " .long 21b,100b\n"
-+ " .long 22b,100b\n"
-+ " .long 23b,100b\n"
-+ " .long 24b,100b\n"
-+ " .long 25b,100b\n"
-+ " .long 26b,100b\n"
-+ " .long 27b,100b\n"
-+ " .long 28b,100b\n"
-+ " .long 29b,100b\n"
-+ " .long 30b,100b\n"
-+ " .long 31b,100b\n"
-+ " .long 32b,100b\n"
-+ " .long 33b,100b\n"
-+ " .long 34b,100b\n"
-+ " .long 35b,100b\n"
-+ " .long 36b,100b\n"
-+ " .long 37b,100b\n"
-+ " .long 99b,101b\n"
-+ ".previous"
-+ : "=&c"(size), "=&D" (d0), "=&S" (d1)
-+ : "1"(to), "2"(from), "0"(size)
-+ : "eax", "edx", "memory");
-+ return size;
-+}
-+
-+static unsigned long
+ ".section .fixup,\"ax\"\n"
+ "101: lea 0(%%eax,%0,4),%0\n"
+ " jmp 100b\n"
+@@ -334,46 +340,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
+ }
+
+ static unsigned long
+__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
+{
+ int d0, d1;
@@ -22439,10 +22794,62 @@ index e218d5d..35679b4 100644
+ "36: movl %%eax, %0\n"
+ "37: rep; "__copyuser_seg" movsb\n"
+ "100:\n"
- ".section .fixup,\"ax\"\n"
- "101: lea 0(%%eax,%0,4),%0\n"
- " jmp 100b\n"
-@@ -339,41 +452,41 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
++ ".section .fixup,\"ax\"\n"
++ "101: lea 0(%%eax,%0,4),%0\n"
++ " jmp 100b\n"
++ ".previous\n"
++ ".section __ex_table,\"a\"\n"
++ " .align 4\n"
++ " .long 1b,100b\n"
++ " .long 2b,100b\n"
++ " .long 3b,100b\n"
++ " .long 4b,100b\n"
++ " .long 5b,100b\n"
++ " .long 6b,100b\n"
++ " .long 7b,100b\n"
++ " .long 8b,100b\n"
++ " .long 9b,100b\n"
++ " .long 10b,100b\n"
++ " .long 11b,100b\n"
++ " .long 12b,100b\n"
++ " .long 13b,100b\n"
++ " .long 14b,100b\n"
++ " .long 15b,100b\n"
++ " .long 16b,100b\n"
++ " .long 17b,100b\n"
++ " .long 18b,100b\n"
++ " .long 19b,100b\n"
++ " .long 20b,100b\n"
++ " .long 21b,100b\n"
++ " .long 22b,100b\n"
++ " .long 23b,100b\n"
++ " .long 24b,100b\n"
++ " .long 25b,100b\n"
++ " .long 26b,100b\n"
++ " .long 27b,100b\n"
++ " .long 28b,100b\n"
++ " .long 29b,100b\n"
++ " .long 30b,100b\n"
++ " .long 31b,100b\n"
++ " .long 32b,100b\n"
++ " .long 33b,100b\n"
++ " .long 34b,100b\n"
++ " .long 35b,100b\n"
++ " .long 36b,100b\n"
++ " .long 37b,100b\n"
++ " .long 99b,101b\n"
++ ".previous"
++ : "=&c"(size), "=&D" (d0), "=&S" (d1)
++ : "1"(to), "2"(from), "0"(size)
++ : "eax", "edx", "memory");
++ return size;
++}
++
++static unsigned long
++__copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) __size_overflow(3);
++static unsigned long
+ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
+ {
int d0, d1;
__asm__ __volatile__(
" .align 2,0x90\n"
@@ -22502,7 +22909,7 @@ index e218d5d..35679b4 100644
" movl %%eax, 56(%3)\n"
" movl %%edx, 60(%3)\n"
" addl $-64, %0\n"
-@@ -385,9 +498,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
+@@ -385,9 +500,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
" shrl $2, %0\n"
" andl $3, %%eax\n"
" cld\n"
@@ -22514,7 +22921,15 @@ index e218d5d..35679b4 100644
"8:\n"
".section .fixup,\"ax\"\n"
"9: lea 0(%%eax,%0,4),%0\n"
-@@ -440,41 +553,41 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
+@@ -434,47 +549,49 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
+ */
+
+ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
++ const void __user *from, unsigned long size) __size_overflow(3);
++static unsigned long __copy_user_zeroing_intel_nocache(void *to,
+ const void __user *from, unsigned long size)
+ {
+ int d0, d1;
__asm__ __volatile__(
" .align 2,0x90\n"
@@ -22574,7 +22989,7 @@ index e218d5d..35679b4 100644
" movnti %%eax, 56(%3)\n"
" movnti %%edx, 60(%3)\n"
" addl $-64, %0\n"
-@@ -487,9 +600,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
+@@ -487,9 +604,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
" shrl $2, %0\n"
" andl $3, %%eax\n"
" cld\n"
@@ -22586,7 +23001,15 @@ index e218d5d..35679b4 100644
"8:\n"
".section .fixup,\"ax\"\n"
"9: lea 0(%%eax,%0,4),%0\n"
-@@ -537,41 +650,41 @@ static unsigned long __copy_user_intel_nocache(void *to,
+@@ -531,47 +648,49 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
+ }
+
+ static unsigned long __copy_user_intel_nocache(void *to,
++ const void __user *from, unsigned long size) __size_overflow(3);
++static unsigned long __copy_user_intel_nocache(void *to,
+ const void __user *from, unsigned long size)
+ {
+ int d0, d1;
__asm__ __volatile__(
" .align 2,0x90\n"
@@ -22646,7 +23069,7 @@ index e218d5d..35679b4 100644
" movnti %%eax, 56(%3)\n"
" movnti %%edx, 60(%3)\n"
" addl $-64, %0\n"
-@@ -584,9 +697,9 @@ static unsigned long __copy_user_intel_nocache(void *to,
+@@ -584,9 +703,9 @@ static unsigned long __copy_user_intel_nocache(void *to,
" shrl $2, %0\n"
" andl $3, %%eax\n"
" cld\n"
@@ -22658,7 +23081,7 @@ index e218d5d..35679b4 100644
"8:\n"
".section .fixup,\"ax\"\n"
"9: lea 0(%%eax,%0,4),%0\n"
-@@ -629,32 +742,36 @@ static unsigned long __copy_user_intel_nocache(void *to,
+@@ -629,32 +748,36 @@ static unsigned long __copy_user_intel_nocache(void *to,
*/
unsigned long __copy_user_zeroing_intel(void *to, const void __user *from,
unsigned long size);
@@ -22700,7 +23123,7 @@ index e218d5d..35679b4 100644
".section .fixup,\"ax\"\n" \
"5: addl %3,%0\n" \
" jmp 2b\n" \
-@@ -682,14 +799,14 @@ do { \
+@@ -682,14 +805,14 @@ do { \
" negl %0\n" \
" andl $7,%0\n" \
" subl %0,%3\n" \
@@ -22718,7 +23141,7 @@ index e218d5d..35679b4 100644
"2:\n" \
".section .fixup,\"ax\"\n" \
"5: addl %3,%0\n" \
-@@ -775,9 +892,9 @@ survive:
+@@ -775,9 +898,9 @@ survive:
}
#endif
if (movsl_is_ok(to, from, n))
@@ -22730,7 +23153,7 @@ index e218d5d..35679b4 100644
return n;
}
EXPORT_SYMBOL(__copy_to_user_ll);
-@@ -797,10 +914,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from,
+@@ -797,10 +920,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from,
unsigned long n)
{
if (movsl_is_ok(to, from, n))
@@ -22743,7 +23166,7 @@ index e218d5d..35679b4 100644
return n;
}
EXPORT_SYMBOL(__copy_from_user_ll_nozero);
-@@ -827,65 +943,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
+@@ -827,65 +949,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
if (n > 64 && cpu_has_xmm2)
n = __copy_user_intel_nocache(to, from, n);
else
@@ -24839,10 +25262,10 @@ index 9f0614d..92ae64a 100644
p += get_opcode(p, &opcode);
for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
-index 8573b83..c3b1a30 100644
+index 8573b83..7d9628f 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
-@@ -84,10 +84,52 @@ static inline void pgd_list_del(pgd_t *pgd)
+@@ -84,10 +84,60 @@ static inline void pgd_list_del(pgd_t *pgd)
list_del(&page->lru);
}
@@ -24861,14 +25284,22 @@ index 8573b83..c3b1a30 100644
+#ifdef CONFIG_PAX_PER_CPU_PGD
+void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count)
+{
-+ while (count--)
++ while (count--) {
++ pgd_t pgd;
+
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+ *dst++ = __pgd(pgd_val(*src++) & clone_pgd_mask);
++#ifdef CONFIG_X86_64
++ pgd = __pgd(pgd_val(*src++) | _PAGE_USER);
+#else
-+ *dst++ = *src++;
++ pgd = *src++;
+#endif
+
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ pgd = __pgd(pgd_val(pgd) & clone_pgd_mask);
++#endif
++
++ *dst++ = pgd;
++ }
++
+}
+#endif
+
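Review bot: The rewritten loop in `__clone_user_pgds` now ORs `_PAGE_USER` into every cloned entry on all CONFIG_X86_64 builds and only then applies `clone_pgd_mask` under UDEREF, but nothing records why the user bit is forced or that the order of the two steps matters. Since this changes the permission bits of top-level page-table entries, I would add a comment above the first `#ifdef`, for example `/* force _PAGE_USER before applying clone_pgd_mask; the order matters */`. The rationale should be filled in from the definition of `clone_pgd_mask`, which is outside this hunk. The empty line left before the function's closing brace can also be dropped.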
@@ -24897,7 +25328,7 @@ index 8573b83..c3b1a30 100644
static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm)
{
BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm));
-@@ -128,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -128,6 +178,7 @@ static void pgd_dtor(pgd_t *pgd)
pgd_list_del(pgd);
spin_unlock(&pgd_lock);
}
@@ -24905,7 +25336,7 @@ index 8573b83..c3b1a30 100644
/*
* List of all pgd's needed for non-PAE so it can invalidate entries
-@@ -140,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -140,7 +191,7 @@ static void pgd_dtor(pgd_t *pgd)
* -- wli
*/
@@ -24914,7 +25345,7 @@ index 8573b83..c3b1a30 100644
/*
* In PAE mode, we need to do a cr3 reload (=tlb flush) when
* updating the top-level pagetable entries to guarantee the
-@@ -152,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -152,7 +203,7 @@ static void pgd_dtor(pgd_t *pgd)
* not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate
* and initialize the kernel pmds here.
*/
@@ -24923,7 +25354,7 @@ index 8573b83..c3b1a30 100644
void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
{
-@@ -170,36 +213,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
+@@ -170,36 +221,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
*/
flush_tlb_mm(mm);
}
@@ -24973,7 +25404,7 @@ index 8573b83..c3b1a30 100644
return -ENOMEM;
}
-@@ -212,51 +257,55 @@ static int preallocate_pmds(pmd_t *pmds[])
+@@ -212,51 +265,55 @@ static int preallocate_pmds(pmd_t *pmds[])
* preallocate which never got a corresponding vma will need to be
* freed manually.
*/
@@ -25046,7 +25477,7 @@ index 8573b83..c3b1a30 100644
pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
-@@ -265,11 +314,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -265,11 +322,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
mm->pgd = pgd;
@@ -25060,7 +25491,7 @@ index 8573b83..c3b1a30 100644
/*
* Make sure that pre-populating the pmds is atomic with
-@@ -279,14 +328,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -279,14 +336,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
spin_lock(&pgd_lock);
pgd_ctor(mm, pgd);
@@ -25078,7 +25509,7 @@ index 8573b83..c3b1a30 100644
out_free_pgd:
free_page((unsigned long)pgd);
out:
-@@ -295,7 +344,7 @@ out:
+@@ -295,7 +352,7 @@ out:
void pgd_free(struct mm_struct *mm, pgd_t *pgd)
{
@@ -25236,7 +25667,7 @@ index 6687022..ceabcfa 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 7c1b765..8c072c6 100644
+index 5a5b6e4..201d42e 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -117,6 +117,10 @@ static inline void bpf_flush_icache(void *start, void *end)
@@ -25261,16 +25692,25 @@ index 7c1b765..8c072c6 100644
/* Before first pass, make a rough estimation of addrs[]
* each bpf instruction is translated to less than 64 bytes
*/
-@@ -476,7 +484,7 @@ void bpf_jit_compile(struct sk_filter *fp)
- func = sk_load_word;
+@@ -477,7 +485,7 @@ void bpf_jit_compile(struct sk_filter *fp)
common_load: seen |= SEEN_DATAREF;
- if ((int)K < 0)
+ if ((int)K < 0) {
+ /* Abort the JIT because __load_pointer() is needed. */
- goto out;
+ goto error;
+ }
t_offset = func - (image + addrs[i]);
EMIT1_off32(0xbe, K); /* mov imm32,%esi */
- EMIT1_off32(0xe8, t_offset); /* call */
-@@ -586,17 +594,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -492,7 +500,7 @@ common_load: seen |= SEEN_DATAREF;
+ case BPF_S_LDX_B_MSH:
+ if ((int)K < 0) {
+ /* Abort the JIT because __load_pointer() is needed. */
+- goto out;
++ goto error;
+ }
+ seen |= SEEN_DATAREF | SEEN_XREG;
+ t_offset = sk_load_byte_msh - (image + addrs[i]);
+@@ -582,17 +590,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
break;
default:
/* hmm, too complex filter, give up with jit compiler */
@@ -25293,7 +25733,7 @@ index 7c1b765..8c072c6 100644
}
proglen += ilen;
addrs[i] = proglen;
-@@ -617,11 +626,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -613,11 +622,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
break;
}
if (proglen == oldproglen) {
@@ -25307,7 +25747,7 @@ index 7c1b765..8c072c6 100644
}
oldproglen = proglen;
}
-@@ -637,7 +644,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -633,7 +640,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
bpf_flush_icache(image, image + proglen);
fp->bpf_func = (void *)image;
@@ -25319,7 +25759,7 @@ index 7c1b765..8c072c6 100644
out:
kfree(addrs);
return;
-@@ -645,18 +655,20 @@ out:
+@@ -641,18 +651,20 @@ out:
static void jit_free_defer(struct work_struct *arg)
{
@@ -25950,6 +26390,28 @@ index 475e2cd..1b8e708 100644
}
/* parse all the mtimer info to a static mtimer array */
+diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c
+index 3ae0e61..4202d86 100644
+--- a/arch/x86/platform/uv/tlb_uv.c
++++ b/arch/x86/platform/uv/tlb_uv.c
+@@ -1424,6 +1424,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf,
+ * 0: display meaning of the statistics
+ */
+ static ssize_t ptc_proc_write(struct file *file, const char __user *user,
++ size_t count, loff_t *data) __size_overflow(3);
++static ssize_t ptc_proc_write(struct file *file, const char __user *user,
+ size_t count, loff_t *data)
+ {
+ int cpu;
+@@ -1539,6 +1541,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr,
+ * Handle a write to debugfs. (/sys/kernel/debug/sgi_uv/bau_tunables)
+ */
+ static ssize_t tunables_write(struct file *file, const char __user *user,
++ size_t count, loff_t *data) __size_overflow(3);
++static ssize_t tunables_write(struct file *file, const char __user *user,
+ size_t count, loff_t *data)
+ {
+ int cpu;
diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
index f10c0af..3ec1f95 100644
--- a/arch/x86/power/cpu.c
@@ -26603,6 +27065,91 @@ index 260fa80..e8f3caf 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
+diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
+index a0f768c..1da9c73 100644
+--- a/crypto/ablkcipher.c
++++ b/crypto/ablkcipher.c
+@@ -307,6 +307,8 @@ int ablkcipher_walk_phys(struct ablkcipher_request *req,
+ EXPORT_SYMBOL_GPL(ablkcipher_walk_phys);
+
+ static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
++ unsigned int keylen) __size_overflow(3);
++static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
+ unsigned int keylen)
+ {
+ struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm);
+@@ -329,6 +331,8 @@ static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
+ }
+
+ static int setkey(struct crypto_ablkcipher *tfm, const u8 *key,
++ unsigned int keylen) __size_overflow(3);
++static int setkey(struct crypto_ablkcipher *tfm, const u8 *key,
+ unsigned int keylen)
+ {
+ struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm);
+diff --git a/crypto/aead.c b/crypto/aead.c
+index 04add3dc..983032f 100644
+--- a/crypto/aead.c
++++ b/crypto/aead.c
+@@ -27,6 +27,8 @@
+ #include "internal.h"
+
+ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
++ unsigned int keylen) __size_overflow(3);
++static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
+ unsigned int keylen)
+ {
+ struct aead_alg *aead = crypto_aead_alg(tfm);
+@@ -48,6 +50,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
+ return ret;
+ }
+
++static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) __size_overflow(3);
+ static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
+ {
+ struct aead_alg *aead = crypto_aead_alg(tfm);
+diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
+index 1e61d1a..cf06b86 100644
+--- a/crypto/blkcipher.c
++++ b/crypto/blkcipher.c
+@@ -359,6 +359,8 @@ int blkcipher_walk_virt_block(struct blkcipher_desc *desc,
+ EXPORT_SYMBOL_GPL(blkcipher_walk_virt_block);
+
+ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
++ unsigned int keylen) __size_overflow(3);
++static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
+ unsigned int keylen)
+ {
+ struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
+@@ -380,6 +382,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
+ return ret;
+ }
+
++static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3);
+ static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
+ {
+ struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
+diff --git a/crypto/cipher.c b/crypto/cipher.c
+index 39541e0..802d956 100644
+--- a/crypto/cipher.c
++++ b/crypto/cipher.c
+@@ -21,6 +21,8 @@
+ #include "internal.h"
+
+ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
++ unsigned int keylen) __size_overflow(3);
++static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
+ unsigned int keylen)
+ {
+ struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
+@@ -43,6 +45,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
+
+ }
+
++static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3);
+ static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
+ {
+ struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 671d4d6..5f24030 100644
--- a/crypto/cryptd.c
@@ -26646,6 +27193,20 @@ index 5d41894..22021e4 100644
}
EXPORT_SYMBOL_GPL(cper_next_record_id);
+diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
+index 86933ca..5cb1a69 100644
+--- a/drivers/acpi/battery.c
++++ b/drivers/acpi/battery.c
+@@ -787,6 +787,9 @@ static int acpi_battery_print_alarm(struct seq_file *seq, int result)
+
+ static ssize_t acpi_battery_write_alarm(struct file *file,
+ const char __user * buffer,
++ size_t count, loff_t * ppos) __size_overflow(3);
++static ssize_t acpi_battery_write_alarm(struct file *file,
++ const char __user * buffer,
+ size_t count, loff_t * ppos)
+ {
+ int result = 0;
diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c
index b258cab..3fb7da7 100644
--- a/drivers/acpi/ec_sys.c
@@ -26750,6 +27311,20 @@ index 8ae05ce..7dbbed9 100644
/*
* Buggy BIOS check
+diff --git a/drivers/acpi/sbs.c b/drivers/acpi/sbs.c
+index 6e36d0c..f319944 100644
+--- a/drivers/acpi/sbs.c
++++ b/drivers/acpi/sbs.c
+@@ -655,6 +655,9 @@ static int acpi_battery_read_alarm(struct seq_file *seq, void *offset)
+
+ static ssize_t
+ acpi_battery_write_alarm(struct file *file, const char __user * buffer,
++ size_t count, loff_t * ppos) __size_overflow(3);
++static ssize_t
++acpi_battery_write_alarm(struct file *file, const char __user * buffer,
+ size_t count, loff_t * ppos)
+ {
+ struct seq_file *seq = file->private_data;
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index c06e0ec..a2c06ba 100644
--- a/drivers/ata/libata-core.c
@@ -28726,7 +29301,7 @@ index da3cfee..a5a6606 100644
*ppos = i;
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 54ca8b2..d58cb51 100644
+index 54ca8b2..4a092ed 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -261,8 +261,13 @@
@@ -28779,6 +29354,25 @@ index 54ca8b2..d58cb51 100644
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
+@@ -1260,10 +1272,15 @@ static int proc_do_uuid(ctl_table *table, int write,
+ uuid = table->data;
+ if (!uuid) {
+ uuid = tmp_uuid;
+- uuid[8] = 0;
+- }
+- if (uuid[8] == 0)
+ generate_random_uuid(uuid);
++ } else {
++ static DEFINE_SPINLOCK(bootid_spinlock);
++
++ spin_lock(&bootid_spinlock);
++ if (!uuid[8])
++ generate_random_uuid(uuid);
++ spin_unlock(&bootid_spinlock);
++ }
+
+ sprintf(buf, "%pU", uuid);
+
diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c
index 1ee8ce7..b778bef 100644
--- a/drivers/char/sonypi.c
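Review bot: The `if (!uuid[8])` test in the new locked branch of `proc_do_uuid` uses byte 8 as the "already generated" marker, and the added lines do not say why a generated UUID can never have a zero there. As far as I know `generate_random_uuid()` sets the variant bits in that byte, but it is not shown in this hunk, so a short comment would make the invariant explicit: `/* uuid[8] is non-zero after generate_random_uuid(); the lock keeps concurrent first readers from generating different boot ids */`. The rest of `proc_do_uuid` lies outside the hunk.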
@@ -28822,7 +29416,7 @@ index 1ee8ce7..b778bef 100644
return 0;
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
-index 32362cf..32a96e9 100644
+index ad7c732..5aa8054 100644
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm.c
@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
@@ -29771,7 +30365,7 @@ index 5bd4361..0241a42 100644
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
INIT_WORK(&dev_priv->error_work, i915_error_work_func);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 397087c..9178d0d 100644
+index 2163818..e536c3d 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y,
@@ -30490,10 +31084,10 @@ index 8a8725c..afed796 100644
marker = list_first_entry(&queue->head,
struct vmw_marker, head);
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index af08ce7..7a15038 100644
+index 75dbe34..f9204a8 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2020,7 +2020,7 @@ static bool hid_ignore(struct hid_device *hdev)
+@@ -2021,7 +2021,7 @@ static bool hid_ignore(struct hid_device *hdev)
int hid_add_device(struct hid_device *hdev)
{
@@ -30502,7 +31096,7 @@ index af08ce7..7a15038 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2035,7 +2035,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2036,7 +2036,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -31463,6 +32057,28 @@ index 40c8353..946b0e4 100644
}
PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n",
__func__, stag_state, type, pdid, stag_idx);
+diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c
+index a4de9d5..5fa20c3 100644
+--- a/drivers/infiniband/hw/ipath/ipath_fs.c
++++ b/drivers/infiniband/hw/ipath/ipath_fs.c
+@@ -126,6 +126,8 @@ static const struct file_operations atomic_counters_ops = {
+ };
+
+ static ssize_t flash_read(struct file *file, char __user *buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t flash_read(struct file *file, char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+ struct ipath_devdata *dd;
+@@ -177,6 +179,8 @@ bail:
+ }
+
+ static ssize_t flash_write(struct file *file, const char __user *buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t flash_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+ struct ipath_devdata *dd;
diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c
index 79b3dbc..96e5fcc 100644
--- a/drivers/infiniband/hw/ipath/ipath_rc.c
@@ -31942,6 +32558,28 @@ index b881bdc..c2e360c 100644
#include "qib_common.h"
#include "qib_verbs.h"
+diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c
+index 05e0f17..0275789 100644
+--- a/drivers/infiniband/hw/qib/qib_fs.c
++++ b/drivers/infiniband/hw/qib/qib_fs.c
+@@ -267,6 +267,8 @@ static const struct file_operations qsfp_ops[] = {
+ };
+
+ static ssize_t flash_read(struct file *file, char __user *buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t flash_read(struct file *file, char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+ struct qib_devdata *dd;
+@@ -318,6 +320,8 @@ bail:
+ }
+
+ static ssize_t flash_write(struct file *file, const char __user *buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t flash_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+ struct qib_devdata *dd;
diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c
index c351aa4..e6967c2 100644
--- a/drivers/input/gameport/gameport.c
@@ -32312,6 +32950,18 @@ index b5fdcb7..5b6c59f 100644
end_switcher_text - start_switcher_text);
printk(KERN_INFO "lguest: mapped switcher at %p\n",
+diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c
+index ff4a0bc..f5fdd9c 100644
+--- a/drivers/lguest/lguest_user.c
++++ b/drivers/lguest/lguest_user.c
+@@ -198,6 +198,7 @@ static int user_send_irq(struct lg_cpu *cpu, const unsigned long __user *input)
+ * Once our Guest is initialized, the Launcher makes it run by reading
+ * from /dev/lguest.
+ */
++static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o) __size_overflow(3);
+ static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o)
+ {
+ struct lguest *lg = file->private_data;
diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c
index 3980903..ce25c5e 100644
--- a/drivers/lguest/x86/core.c
@@ -32446,7 +33096,7 @@ index 1ce84ed..0fdd40a 100644
DMWARN("name not supplied when creating device");
return -EINVAL;
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
-index 9bfd057..01180bc 100644
+index 9bfd057..5373ff3 100644
--- a/drivers/md/dm-raid1.c
+++ b/drivers/md/dm-raid1.c
@@ -40,7 +40,7 @@ enum dm_raid1_error {
@@ -32503,7 +33153,18 @@ index 9bfd057..01180bc 100644
m = NULL;
if (likely(m))
-@@ -937,7 +937,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
+@@ -848,6 +848,10 @@ static void do_mirror(struct work_struct *work)
+ static struct mirror_set *alloc_context(unsigned int nr_mirrors,
+ uint32_t region_size,
+ struct dm_target *ti,
++ struct dm_dirty_log *dl) __size_overflow(1);
++static struct mirror_set *alloc_context(unsigned int nr_mirrors,
++ uint32_t region_size,
++ struct dm_target *ti,
+ struct dm_dirty_log *dl)
+ {
+ size_t len;
+@@ -937,7 +941,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
}
ms->mirror[mirror].ms = ms;
@@ -32512,7 +33173,7 @@ index 9bfd057..01180bc 100644
ms->mirror[mirror].error_type = 0;
ms->mirror[mirror].offset = offset;
-@@ -1347,7 +1347,7 @@ static void mirror_resume(struct dm_target *ti)
+@@ -1347,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti)
*/
static char device_status_char(struct mirror *m)
{
@@ -32522,7 +33183,7 @@ index 9bfd057..01180bc 100644
return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' :
diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c
-index 3d80cf0..b77cc47 100644
+index 3d80cf0..7d98e1a 100644
--- a/drivers/md/dm-stripe.c
+++ b/drivers/md/dm-stripe.c
@@ -20,7 +20,7 @@ struct stripe {
@@ -32534,7 +33195,15 @@ index 3d80cf0..b77cc47 100644
};
struct stripe_c {
-@@ -192,7 +192,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
+@@ -55,6 +55,7 @@ static void trigger_event(struct work_struct *work)
+ dm_table_event(sc->ti->table);
+ }
+
++static inline struct stripe_c *alloc_context(unsigned int stripes) __size_overflow(1);
+ static inline struct stripe_c *alloc_context(unsigned int stripes)
+ {
+ size_t len;
+@@ -192,7 +193,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
kfree(sc);
return r;
}
@@ -32543,7 +33212,7 @@ index 3d80cf0..b77cc47 100644
}
ti->private = sc;
-@@ -314,7 +314,7 @@ static int stripe_status(struct dm_target *ti,
+@@ -314,7 +315,7 @@ static int stripe_status(struct dm_target *ti,
DMEMIT("%d ", sc->stripes);
for (i = 0; i < sc->stripes; i++) {
DMEMIT("%s ", sc->stripe[i].dev->name);
@@ -32552,7 +33221,7 @@ index 3d80cf0..b77cc47 100644
'D' : 'A';
}
buffer[i] = '\0';
-@@ -361,8 +361,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio,
+@@ -361,8 +362,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio,
*/
for (i = 0; i < sc->stripes; i++)
if (!strcmp(sc->stripe[i].dev->name, major_minor)) {
@@ -32657,7 +33326,7 @@ index b89c548..2af3ce4 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index ce88755..4d8686d 100644
+index 6acc846..80a6b96 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -32700,7 +33369,7 @@ index ce88755..4d8686d 100644
sb->raid_disks = cpu_to_le32(mddev->raid_disks);
sb->size = cpu_to_le64(mddev->dev_sectors);
-@@ -2688,7 +2688,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
+@@ -2689,7 +2689,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
static ssize_t
errors_show(struct md_rdev *rdev, char *page)
{
@@ -32709,7 +33378,7 @@ index ce88755..4d8686d 100644
}
static ssize_t
-@@ -2697,7 +2697,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
+@@ -2698,7 +2698,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
char *e;
unsigned long n = simple_strtoul(buf, &e, 10);
if (*buf && (*e == 0 || *e == '\n')) {
@@ -32718,7 +33387,7 @@ index ce88755..4d8686d 100644
return len;
}
return -EINVAL;
-@@ -3083,8 +3083,8 @@ int md_rdev_init(struct md_rdev *rdev)
+@@ -3084,8 +3084,8 @@ int md_rdev_init(struct md_rdev *rdev)
rdev->sb_loaded = 0;
rdev->bb_page = NULL;
atomic_set(&rdev->nr_pending, 0);
@@ -32729,7 +33398,7 @@ index ce88755..4d8686d 100644
INIT_LIST_HEAD(&rdev->same_set);
init_waitqueue_head(&rdev->blocked_wait);
-@@ -6735,7 +6735,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6736,7 +6736,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
spin_unlock(&pers_lock);
seq_printf(seq, "\n");
@@ -32738,7 +33407,7 @@ index ce88755..4d8686d 100644
return 0;
}
if (v == (void*)2) {
-@@ -6827,7 +6827,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6828,7 +6828,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
chunk_kb ? "KB" : "B");
if (bitmap->file) {
seq_printf(seq, ", file: ");
@@ -32747,7 +33416,7 @@ index ce88755..4d8686d 100644
}
seq_printf(seq, "\n");
-@@ -6858,7 +6858,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -6859,7 +6859,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
return error;
seq = file->private_data;
@@ -32756,7 +33425,7 @@ index ce88755..4d8686d 100644
return error;
}
-@@ -6872,7 +6872,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -6873,7 +6873,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
/* always allow read */
mask = POLLIN | POLLRDNORM;
@@ -32765,7 +33434,7 @@ index ce88755..4d8686d 100644
mask |= POLLERR | POLLPRI;
return mask;
}
-@@ -6916,7 +6916,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -6917,7 +6917,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
(int)part_stat_read(&disk->part0, sectors[1]) -
@@ -32855,10 +33524,10 @@ index 1cbfc6b..56e1dbb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index a0b225e..a9be913 100644
+index 118e0f6..210c4d7 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1632,7 +1632,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1645,7 +1645,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
@@ -32867,7 +33536,7 @@ index a0b225e..a9be913 100644
}
sectors -= s;
sect += s;
-@@ -1845,7 +1845,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -1858,7 +1858,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -32877,10 +33546,10 @@ index a0b225e..a9be913 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 58c44d6..f090bad 100644
+index be7101d..f23ba30 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
-@@ -1623,7 +1623,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1636,7 +1636,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
*/
@@ -32889,7 +33558,7 @@ index 58c44d6..f090bad 100644
&conf->mirrors[d].rdev->corrected_errors);
/* for reconstruct, we always reschedule after a read.
-@@ -1974,7 +1974,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -1987,7 +1987,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
{
struct timespec cur_time_mon;
unsigned long hours_since_last;
@@ -32898,7 +33567,7 @@ index 58c44d6..f090bad 100644
ktime_get_ts(&cur_time_mon);
-@@ -1996,9 +1996,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2009,9 +2009,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
* overflowing the shift of read_errors by hours_since_last.
*/
if (hours_since_last >= 8 * sizeof(read_errors))
@@ -32910,7 +33579,7 @@ index 58c44d6..f090bad 100644
}
static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -2052,8 +2052,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2065,8 +2065,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
return;
check_decay_read_errors(mddev, rdev);
@@ -32921,7 +33590,7 @@ index 58c44d6..f090bad 100644
char b[BDEVNAME_SIZE];
bdevname(rdev->bdev, b);
-@@ -2061,7 +2061,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2074,7 +2074,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
"md/raid10:%s: %s: Raid device exceeded "
"read_error threshold [cur %d:max %d]\n",
mdname(mddev), b,
@@ -32930,7 +33599,7 @@ index 58c44d6..f090bad 100644
printk(KERN_NOTICE
"md/raid10:%s: %s: Failing raid device\n",
mdname(mddev), b);
-@@ -2210,7 +2210,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2223,7 +2223,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
(unsigned long long)(
sect + rdev->data_offset),
bdevname(rdev->bdev, b));
@@ -33092,6 +33761,44 @@ index 9cde353..8c6a1c3 100644
struct i2c_client i2c_client;
u32 i2c_rc;
+diff --git a/drivers/media/video/cpia2/cpia2_core.c b/drivers/media/video/cpia2/cpia2_core.c
+index ee91e295..04ad048 100644
+--- a/drivers/media/video/cpia2/cpia2_core.c
++++ b/drivers/media/video/cpia2/cpia2_core.c
+@@ -86,6 +86,7 @@ static inline unsigned long kvirt_to_pa(unsigned long adr)
+ return ret;
+ }
+
++static void *rvmalloc(unsigned long size) __size_overflow(1);
+ static void *rvmalloc(unsigned long size)
+ {
+ void *mem;
+diff --git a/drivers/media/video/cx18/cx18-alsa-pcm.c b/drivers/media/video/cx18/cx18-alsa-pcm.c
+index 82d195b..181103c 100644
+--- a/drivers/media/video/cx18/cx18-alsa-pcm.c
++++ b/drivers/media/video/cx18/cx18-alsa-pcm.c
+@@ -229,6 +229,8 @@ static int snd_cx18_pcm_ioctl(struct snd_pcm_substream *substream,
+
+
+ static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
++ size_t size) __size_overflow(2);
++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
+ size_t size)
+ {
+ struct snd_pcm_runtime *runtime = subs->runtime;
+diff --git a/drivers/media/video/cx231xx/cx231xx-audio.c b/drivers/media/video/cx231xx/cx231xx-audio.c
+index a2c2b7d..8f1bec7 100644
+--- a/drivers/media/video/cx231xx/cx231xx-audio.c
++++ b/drivers/media/video/cx231xx/cx231xx-audio.c
+@@ -389,6 +389,8 @@ static int cx231xx_init_audio_bulk(struct cx231xx *dev)
+ }
+
+ static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
++ size_t size) __size_overflow(2);
++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
+ size_t size)
+ {
+ struct snd_pcm_runtime *runtime = subs->runtime;
diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c
index 04bf662..e0ac026 100644
--- a/drivers/media/video/cx88/cx88-alsa.c
@@ -33105,6 +33812,31 @@ index 04bf662..e0ac026 100644
{0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0},
{0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0},
{0, }
+diff --git a/drivers/media/video/em28xx/em28xx-audio.c b/drivers/media/video/em28xx/em28xx-audio.c
+index e2a7b77..753d0ee 100644
+--- a/drivers/media/video/em28xx/em28xx-audio.c
++++ b/drivers/media/video/em28xx/em28xx-audio.c
+@@ -225,6 +225,8 @@ static int em28xx_init_audio_isoc(struct em28xx *dev)
+ }
+
+ static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
++ size_t size) __size_overflow(2);
++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
+ size_t size)
+ {
+ struct snd_pcm_runtime *runtime = subs->runtime;
+diff --git a/drivers/media/video/meye.c b/drivers/media/video/meye.c
+index b09a3c8..6dcba0a 100644
+--- a/drivers/media/video/meye.c
++++ b/drivers/media/video/meye.c
+@@ -72,6 +72,7 @@ static struct meye meye;
+ /****************************************************************************/
+ /* Memory allocation routines (stolen from bttv-driver.c) */
+ /****************************************************************************/
++static void *rvmalloc(unsigned long size) __size_overflow(1);
+ static void *rvmalloc(unsigned long size)
+ {
+ void *mem;
diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c
index 1fb7d5b..3901e77 100644
--- a/drivers/media/video/omap/omap_vout.c
@@ -33154,6 +33886,32 @@ index 305e6aa..0143317 100644
pvr2_i2c_func i2c_func[PVR2_I2C_FUNC_CNT];
int i2c_cx25840_hack_state;
int i2c_linked;
+diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c
+index 2fd38a0..ddec3c4 100644
+--- a/drivers/media/video/saa7164/saa7164-encoder.c
++++ b/drivers/media/video/saa7164/saa7164-encoder.c
+@@ -1136,6 +1136,8 @@ struct saa7164_user_buffer *saa7164_enc_next_buf(struct saa7164_port *port)
+ }
+
+ static ssize_t fops_read(struct file *file, char __user *buffer,
++ size_t count, loff_t *pos) __size_overflow(3);
++static ssize_t fops_read(struct file *file, char __user *buffer,
+ size_t count, loff_t *pos)
+ {
+ struct saa7164_encoder_fh *fh = file->private_data;
+diff --git a/drivers/media/video/saa7164/saa7164-vbi.c b/drivers/media/video/saa7164/saa7164-vbi.c
+index e2e0341..b80056c 100644
+--- a/drivers/media/video/saa7164/saa7164-vbi.c
++++ b/drivers/media/video/saa7164/saa7164-vbi.c
+@@ -1081,6 +1081,8 @@ struct saa7164_user_buffer *saa7164_vbi_next_buf(struct saa7164_port *port)
+ }
+
+ static ssize_t fops_read(struct file *file, char __user *buffer,
++ size_t count, loff_t *pos) __size_overflow(3);
++static ssize_t fops_read(struct file *file, char __user *buffer,
+ size_t count, loff_t *pos)
+ {
+ struct saa7164_vbi_fh *fh = file->private_data;
diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c
index 4ed1c7c2..8f15e13 100644
--- a/drivers/media/video/timblogiw.c
@@ -33176,6 +33934,42 @@ index 4ed1c7c2..8f15e13 100644
.owner = THIS_MODULE,
.open = timblogiw_open,
.release = timblogiw_close,
+diff --git a/drivers/media/video/videobuf-dma-contig.c b/drivers/media/video/videobuf-dma-contig.c
+index c969111..a7910f4 100644
+--- a/drivers/media/video/videobuf-dma-contig.c
++++ b/drivers/media/video/videobuf-dma-contig.c
+@@ -184,6 +184,7 @@ static int videobuf_dma_contig_user_get(struct videobuf_dma_contig_memory *mem,
+ return ret;
+ }
+
++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1);
+ static struct videobuf_buffer *__videobuf_alloc_vb(size_t size)
+ {
+ struct videobuf_dma_contig_memory *mem;
+diff --git a/drivers/media/video/videobuf-dma-sg.c b/drivers/media/video/videobuf-dma-sg.c
+index f300dea..5fc9c4a 100644
+--- a/drivers/media/video/videobuf-dma-sg.c
++++ b/drivers/media/video/videobuf-dma-sg.c
+@@ -419,6 +419,7 @@ static const struct vm_operations_struct videobuf_vm_ops = {
+ struct videobuf_dma_sg_memory
+ */
+
++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1);
+ static struct videobuf_buffer *__videobuf_alloc_vb(size_t size)
+ {
+ struct videobuf_dma_sg_memory *mem;
+diff --git a/drivers/media/video/videobuf-vmalloc.c b/drivers/media/video/videobuf-vmalloc.c
+index df14258..12cc7a3 100644
+--- a/drivers/media/video/videobuf-vmalloc.c
++++ b/drivers/media/video/videobuf-vmalloc.c
+@@ -135,6 +135,7 @@ static const struct vm_operations_struct videobuf_vm_ops = {
+ struct videobuf_dma_sg_memory
+ */
+
++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1);
+ static struct videobuf_buffer *__videobuf_alloc_vb(size_t size)
+ {
+ struct videobuf_vmalloc_memory *mem;
diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
index a7dc467..a55c423 100644
--- a/drivers/message/fusion/mptbase.c
@@ -33754,7 +34548,7 @@ index 6ebdc40..9edf5d8 100644
.vendor = PCI_VENDOR_ID_RICOH,
.device = PCI_DEVICE_ID_RICOH_R5C822,
diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c
-index b1cdf64..ce6e438 100644
+index 87a431c..4959b43 100644
--- a/drivers/mtd/devices/doc2000.c
+++ b/drivers/mtd/devices/doc2000.c
@@ -764,7 +764,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len,
@@ -33767,7 +34561,7 @@ index b1cdf64..ce6e438 100644
"ECC needs a full sector write (adr: %lx size %lx)\n",
(long) to, (long) len);
diff --git a/drivers/mtd/devices/doc2001.c b/drivers/mtd/devices/doc2001.c
-index 7543b98..7069947 100644
+index 9eacf67..4534b5b 100644
--- a/drivers/mtd/devices/doc2001.c
+++ b/drivers/mtd/devices/doc2001.c
@@ -384,7 +384,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len,
@@ -33803,49 +34597,19 @@ index 51b9d6a..52af9a7 100644
#include <linux/mtd/mtd.h>
#include <linux/mtd/nand.h>
#include <linux/mtd/nftl.h>
-diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
-index 115749f..3021f01 100644
---- a/drivers/mtd/ubi/build.c
-+++ b/drivers/mtd/ubi/build.c
-@@ -1311,7 +1311,7 @@ module_exit(ubi_exit);
- static int __init bytes_str_to_int(const char *str)
- {
- char *endp;
-- unsigned long result;
-+ unsigned long result, scale = 1;
-
- result = simple_strtoul(str, &endp, 0);
- if (str == endp || result >= INT_MAX) {
-@@ -1322,11 +1322,11 @@ static int __init bytes_str_to_int(const char *str)
-
- switch (*endp) {
- case 'G':
-- result *= 1024;
-+ scale *= 1024;
- case 'M':
-- result *= 1024;
-+ scale *= 1024;
- case 'K':
-- result *= 1024;
-+ scale *= 1024;
- if (endp[1] == 'i' && endp[2] == 'B')
- endp += 2;
- case '\0':
-@@ -1337,7 +1337,13 @@ static int __init bytes_str_to_int(const char *str)
- return -EINVAL;
- }
-
-- return result;
-+ if ((intoverflow_t)result*scale >= INT_MAX) {
-+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n",
-+ str);
-+ return -EINVAL;
-+ }
-+
-+ return result*scale;
- }
-
- /**
+diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c
+index e2cdebf..d48183a 100644
+--- a/drivers/mtd/ubi/debug.c
++++ b/drivers/mtd/ubi/debug.c
+@@ -338,6 +338,8 @@ out:
+
+ /* Write an UBI debugfs file */
+ static ssize_t dfs_file_write(struct file *file, const char __user *user_buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t dfs_file_write(struct file *file, const char __user *user_buf,
+ size_t count, loff_t *ppos)
+ {
+ unsigned long ubi_num = (unsigned long)file->private_data;
diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c
index 071f4c8..440862e 100644
--- a/drivers/net/ethernet/atheros/atlx/atl2.c
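Review bot: Dropping the `drivers/mtd/ubi/build.c` section removes the patch's `(intoverflow_t)result*scale >= INT_MAX` guard from `bytes_str_to_int`, and nothing on this page shows that the 3.3.2 base carries an equivalent check. The remaining context only bounds `result` before the `K`/`M`/`G` scaling, so confirm that the patched 3.3.2 tree rejects a scaled value above `INT_MAX` before relying on this update. The `usb_cache_string` section dropped further down in this diff deserves the same confirmation. A line in the commit message naming the upstream fixes that make both sections redundant would document the decision.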
@@ -33884,6 +34648,19 @@ index aea8f72..fcebf75 100644
#define CHIPREV_ID_5750_C2 0x4202
#define CHIPREV_ID_5752_A0_HW 0x5000
#define CHIPREV_ID_5752_A0 0x6000
+diff --git a/drivers/net/ethernet/chelsio/cxgb/sge.c b/drivers/net/ethernet/chelsio/cxgb/sge.c
+index 47a8435..248e4b3 100644
+--- a/drivers/net/ethernet/chelsio/cxgb/sge.c
++++ b/drivers/net/ethernet/chelsio/cxgb/sge.c
+@@ -1052,6 +1052,8 @@ MODULE_PARM_DESC(copybreak, "Receive copy threshold");
+ * be copied but there is no memory for the copy.
+ */
+ static inline struct sk_buff *get_packet(struct pci_dev *pdev,
++ struct freelQ *fl, unsigned int len) __size_overflow(3);
++static inline struct sk_buff *get_packet(struct pci_dev *pdev,
+ struct freelQ *fl, unsigned int len)
+ {
+ struct sk_buff *skb;
diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
index c4e8643..0979484 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
@@ -33897,6 +34674,56 @@ index c4e8643..0979484 100644
#define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb)
+diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethernet/chelsio/cxgb3/sge.c
+index cfb60e1..94af340 100644
+--- a/drivers/net/ethernet/chelsio/cxgb3/sge.c
++++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c
+@@ -611,6 +611,8 @@ static void recycle_rx_buf(struct adapter *adap, struct sge_fl *q,
+ * of the SW ring.
+ */
+ static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size,
++ size_t sw_size, dma_addr_t * phys, void *metadata) __size_overflow(2,4);
++static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size,
+ size_t sw_size, dma_addr_t * phys, void *metadata)
+ {
+ size_t len = nelem * elem_size;
+@@ -777,6 +779,8 @@ static inline unsigned int flits_to_desc(unsigned int n)
+ * be copied but there is no memory for the copy.
+ */
+ static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl,
++ unsigned int len, unsigned int drop_thres) __size_overflow(3);
++static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl,
+ unsigned int len, unsigned int drop_thres)
+ {
+ struct sk_buff *skb = NULL;
+diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c
+index 2dae795..73037d2 100644
+--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
++++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
+@@ -593,6 +593,9 @@ static inline void __refill_fl(struct adapter *adap, struct sge_fl *fl)
+ */
+ static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size,
+ size_t sw_size, dma_addr_t *phys, void *metadata,
++ size_t stat_size, int node) __size_overflow(2,4);
++static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size,
++ size_t sw_size, dma_addr_t *phys, void *metadata,
+ size_t stat_size, int node)
+ {
+ size_t len = nelem * elem_size + stat_size;
+diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
+index 0bd585b..d954ca5 100644
+--- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
++++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
+@@ -729,6 +729,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl)
+ */
+ static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize,
+ size_t swsize, dma_addr_t *busaddrp, void *swringp,
++ size_t stat_size) __size_overflow(2,4);
++static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize,
++ size_t swsize, dma_addr_t *busaddrp, void *swringp,
+ size_t stat_size)
+ {
+ /*
diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c
index 4d71f5a..8004440 100644
--- a/drivers/net/ethernet/dec/tulip/de4x5.c
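Review bot: The `__size_overflow(2,4)` annotation on the cxgb3 `alloc_ring` prototype lists `nelem` and `sw_size`, but the first visible body line computes `size_t len = nelem * elem_size;`, so parameter 3 feeds the same product without being listed. The cxgb4 prototype repeats this and also leaves `stat_size` (parameter 7) out of `nelem * elem_size + stat_size`; the cxgb4vf prototype uses the same index list. If the indices are deliberate, a one-line comment above each prototype saying why the other size operands are excluded would save the next reader from re-deriving it; otherwise the cxgb3 list would read `__size_overflow(2,3,4)`. The function bodies continue outside this hunk, and how the plugin treats unlisted operands is not shown on this page, so this needs checking against the plugin itself.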
@@ -34297,7 +35124,7 @@ index 25c951d..cc7cf33 100644
u32 timeout;
u32 udelay;
diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
-index d498f04..1b49bed 100644
+index 8bf22b6..7f5baaa 100644
--- a/drivers/net/ethernet/mellanox/mlx4/main.c
+++ b/drivers/net/ethernet/mellanox/mlx4/main.c
@@ -41,6 +41,7 @@
@@ -34633,6 +35460,20 @@ index efc0111..79c8f5b 100644
struct ath_common;
struct ath_bus_ops;
+diff --git a/drivers/net/wireless/ath/ath5k/debug.c b/drivers/net/wireless/ath/ath5k/debug.c
+index 8c5ce8b..abf101b 100644
+--- a/drivers/net/wireless/ath/ath5k/debug.c
++++ b/drivers/net/wireless/ath/ath5k/debug.c
+@@ -343,6 +343,9 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf,
+
+ static ssize_t write_file_debug(struct file *file,
+ const char __user *userbuf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t write_file_debug(struct file *file,
++ const char __user *userbuf,
+ size_t count, loff_t *ppos)
+ {
+ struct ath5k_hw *ah = file->private_data;
diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
index 7b6417b..ab5db98 100644
--- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c
@@ -34838,6 +35679,32 @@ index 09b8c9d..905339e 100644
}
static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
+diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c
+index 68d972b..1d9205b 100644
+--- a/drivers/net/wireless/ath/ath9k/debug.c
++++ b/drivers/net/wireless/ath/ath9k/debug.c
+@@ -60,6 +60,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf,
+ }
+
+ static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
+ size_t count, loff_t *ppos)
+ {
+ struct ath_softc *sc = file->private_data;
+diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
+index d3ff33c..c98bcda 100644
+--- a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
++++ b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
+@@ -464,6 +464,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf,
+ }
+
+ static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
+ size_t count, loff_t *ppos)
+ {
+ struct ath9k_htc_priv *priv = file->private_data;
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
index c8261d4..8d88929 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
@@ -34883,10 +35750,10 @@ index af00e2c..ab04d34 100644
struct brcms_phy {
struct brcms_phy_pub pubpi_ro;
diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c
-index a7dfba8..e28eacd 100644
+index a2ec369..36fdf14 100644
--- a/drivers/net/wireless/iwlegacy/3945-mac.c
+++ b/drivers/net/wireless/iwlegacy/3945-mac.c
-@@ -3647,7 +3647,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+@@ -3646,7 +3646,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
*/
if (il3945_mod_params.disable_hw_scan) {
D_INFO("Disabling hw_scan\n");
@@ -35035,6 +35902,42 @@ index ed2c3ec..deda85a 100644
start_switch_worker();
}
+diff --git a/drivers/oprofile/oprofile_files.c b/drivers/oprofile/oprofile_files.c
+index 84a208d..f07d177 100644
+--- a/drivers/oprofile/oprofile_files.c
++++ b/drivers/oprofile/oprofile_files.c
+@@ -36,6 +36,8 @@ static ssize_t timeout_read(struct file *file, char __user *buf,
+
+
+ static ssize_t timeout_write(struct file *file, char const __user *buf,
++ size_t count, loff_t *offset) __size_overflow(3);
++static ssize_t timeout_write(struct file *file, char const __user *buf,
+ size_t count, loff_t *offset)
+ {
+ unsigned long val;
+@@ -72,6 +74,7 @@ static ssize_t depth_read(struct file *file, char __user *buf, size_t count, lof
+ }
+
+
++static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3);
+ static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset)
+ {
+ unsigned long val;
+@@ -126,12 +129,14 @@ static const struct file_operations cpu_type_fops = {
+ };
+
+
++static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset) __size_overflow(3);
+ static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset)
+ {
+ return oprofilefs_ulong_to_user(oprofile_started, buf, count, offset);
+ }
+
+
++static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3);
+ static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset)
+ {
+ unsigned long val;
diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofile_stats.c
index 917d28e..d62d981 100644
--- a/drivers/oprofile/oprofile_stats.c
@@ -35078,10 +35981,18 @@ index 38b6fc0..b5cbfce 100644
extern struct oprofile_stat_struct oprofile_stats;
diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c
-index 2f0aa0f..90fab02 100644
+index 2f0aa0f..d5246c3 100644
--- a/drivers/oprofile/oprofilefs.c
+++ b/drivers/oprofile/oprofilefs.c
-@@ -193,7 +193,7 @@ static const struct file_operations atomic_ro_fops = {
+@@ -97,6 +97,7 @@ static ssize_t ulong_read_file(struct file *file, char __user *buf, size_t count
+ }
+
+
++static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3);
+ static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset)
+ {
+ unsigned long value;
+@@ -193,7 +194,7 @@ static const struct file_operations atomic_ro_fops = {
int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
@@ -35144,7 +36055,7 @@ index 76ba8a1..20ca857 100644
/* initialize our int15 lock */
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
-index 24f049e..051f66e 100644
+index 2275162..95f1a92 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -27,9 +27,9 @@
@@ -35194,6 +36105,19 @@ index 27911b5..5b6db88 100644
proc_create("devices", 0, proc_bus_pci_dir,
&proc_bus_pci_dev_operations);
proc_initialized = 1;
+diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c
+index 6f966d6..68e18ed 100644
+--- a/drivers/platform/x86/asus_acpi.c
++++ b/drivers/platform/x86/asus_acpi.c
+@@ -887,6 +887,8 @@ static int lcd_proc_open(struct inode *inode, struct file *file)
+ }
+
+ static ssize_t lcd_proc_write(struct file *file, const char __user *buffer,
++ size_t count, loff_t *pos) __size_overflow(3);
++static ssize_t lcd_proc_write(struct file *file, const char __user *buffer,
+ size_t count, loff_t *pos)
+ {
+ int rv, value;
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
index ea0c607..58c4628 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
@@ -35326,6 +36250,19 @@ index ea0c607..58c4628 100644
/*
* Polling driver
+diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/toshiba_acpi.c
+index dcdc1f4..85cee16 100644
+--- a/drivers/platform/x86/toshiba_acpi.c
++++ b/drivers/platform/x86/toshiba_acpi.c
+@@ -517,6 +517,8 @@ static int set_lcd_status(struct backlight_device *bd)
+ }
+
+ static ssize_t lcd_proc_write(struct file *file, const char __user *buf,
++ size_t count, loff_t *pos) __size_overflow(3);
++static ssize_t lcd_proc_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *pos)
+ {
+ struct toshiba_acpi_dev *dev = PDE(file->f_path.dentry->d_inode)->data;
diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/bioscalls.c
index b859d16..5cc6b1a 100644
--- a/drivers/pnp/pnpbios/bioscalls.c
@@ -36362,7 +37299,7 @@ index f59d4a0..1d89407 100644
/*
* Check for overflow; dev_loss_tmo is u32
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
-index cfd4914..ddd7129 100644
+index e3e3c7d..ebdab62 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -79,7 +79,7 @@ struct iscsi_internal {
@@ -36532,6 +37469,32 @@ index 9112cd8..92f8d51 100644
#endif
}
+diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c
+index f9dae95..ff48901 100644
+--- a/drivers/staging/rtl8192e/rtllib_module.c
++++ b/drivers/staging/rtl8192e/rtllib_module.c
+@@ -215,6 +215,8 @@ static int show_debug_level(char *page, char **start, off_t offset,
+ }
+
+ static int store_debug_level(struct file *file, const char __user *buffer,
++ unsigned long count, void *data) __size_overflow(3);
++static int store_debug_level(struct file *file, const char __user *buffer,
+ unsigned long count, void *data)
+ {
+ char buf[] = "0x00000000";
+diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c
+index e3d47bc..85f4d0d 100644
+--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c
++++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c
+@@ -250,6 +250,8 @@ static int show_debug_level(char *page, char **start, off_t offset,
+ }
+
+ static int store_debug_level(struct file *file, const char *buffer,
++ unsigned long count, void *data) __size_overflow(3);
++static int store_debug_level(struct file *file, const char *buffer,
+ unsigned long count, void *data)
+ {
+ char buf[] = "0x00000000";
diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h
index 86308a0..feaa925 100644
--- a/drivers/staging/rtl8712/rtl871x_io.h
@@ -36761,10 +37724,10 @@ index ed147c4..94fc3c6 100644
/* core tmem accessor functions */
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
-index 501b27c..39dc3d3 100644
+index 97c74ee..7f6d77d 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
-@@ -1363,7 +1363,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
+@@ -1361,7 +1361,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
* outstanding_r2ts reaches zero, go ahead and send the delayed
* TASK_ABORTED status.
*/
@@ -37250,6 +38213,19 @@ index 2b42a01..32a2ed3 100644
#ifdef CONFIG_KGDB_SERIAL_CONSOLE
/* This is only available if kgdboc is a built in for early debugging */
static int __init kgdboc_early_init(char *opt)
+diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
+index 7867b7c..b3c119d 100644
+--- a/drivers/tty/sysrq.c
++++ b/drivers/tty/sysrq.c
+@@ -862,7 +862,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
+ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+- if (count) {
++ if (count && capable(CAP_SYS_ADMIN)) {
+ char c;
+
+ if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index e41b9bb..84002fb 100644
--- a/drivers/tty/tty_io.c
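Review bot: With `capable(CAP_SYS_ADMIN)` folded into the `if (count && ...)` condition in `write_sysrq_trigger`, a writer lacking the capability skips the trigger but gets no error from the visible lines. If the function still ends in `return count;` (its tail is outside this hunk), the denied write reports success. An explicit denial would be clearer to callers: `if (!capable(CAP_SYS_ADMIN)) return -EPERM;` placed ahead of the `if (count)` test. If the silent drop is intentional, a short comment on the changed line saying so would keep it from being read as an oversight.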
@@ -37599,21 +38575,6 @@ index d956965..4179a77 100644
if (file->f_version != event_count) {
file->f_version = event_count;
return POLLIN | POLLRDNORM;
-diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
-index b3bdfed..a9460e0 100644
---- a/drivers/usb/core/message.c
-+++ b/drivers/usb/core/message.c
-@@ -869,8 +869,8 @@ char *usb_cache_string(struct usb_device *udev, int index)
- buf = kmalloc(MAX_USB_STRING_SIZE, GFP_NOIO);
- if (buf) {
- len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE);
-- if (len > 0) {
-- smallbuf = kmalloc(++len, GFP_NOIO);
-+ if (len++ > 0) {
-+ smallbuf = kmalloc(len, GFP_NOIO);
- if (!smallbuf)
- return buf;
- memcpy(smallbuf, buf, len);
diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c
index 1fc8f12..20647c1 100644
--- a/drivers/usb/early/ehci-dbgp.c
@@ -37731,7 +38692,7 @@ index 5c3960d..15cf8fc 100644
goto out1;
}
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index ac9141b..9f07583 100644
+index c6ce416..3b9b642 100644
--- a/drivers/video/fbmem.c
+++ b/drivers/video/fbmem.c
@@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
@@ -40564,7 +41525,7 @@ index 3c14e43..eafa544 100644
+4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
+4 4 4 4 4 4
diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c
-index a197731..6c3af9d 100644
+index a40c05e..785c583 100644
--- a/drivers/video/udlfb.c
+++ b/drivers/video/udlfb.c
@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y,
@@ -41059,7 +42020,7 @@ index 1ff9405..f1e376a 100644
fd_offset + ex.a_text);
up_write(&current->mm->mmap_sem);
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 07d096c..5e2a0b3 100644
+index 07d096c..851a18b 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -41693,7 +42654,7 @@ index 07d096c..5e2a0b3 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -881,11 +1339,36 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -41716,6 +42677,7 @@ index 07d096c..5e2a0b3 100644
+ down_write(&current->mm->mmap_sem);
+ retval = -ENOMEM;
+ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
++ current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT;
+ start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0);
+ retval = IS_ERR_VALUE(start) ? start : 0;
+ }
@@ -41732,7 +42694,7 @@ index 07d096c..5e2a0b3 100644
if (elf_interpreter) {
unsigned long uninitialized_var(interp_map_addr);
-@@ -1098,7 +1580,7 @@ out:
+@@ -1098,7 +1581,7 @@ out:
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -41741,7 +42703,7 @@ index 07d096c..5e2a0b3 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1132,7 +1615,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -41750,7 +42712,7 @@ index 07d096c..5e2a0b3 100644
goto whole;
/*
-@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1354,9 +1837,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -41762,7 +42724,7 @@ index 07d096c..5e2a0b3 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -1862,14 +2345,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -41779,7 +42741,7 @@ index 07d096c..5e2a0b3 100644
return size;
}
-@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1963,7 +2446,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -41788,7 +42750,7 @@ index 07d096c..5e2a0b3 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1977,10 +2460,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -41801,7 +42763,7 @@ index 07d096c..5e2a0b3 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1994,7 +2479,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -41810,7 +42772,7 @@ index 07d096c..5e2a0b3 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2005,6 +2490,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -41818,7 +42780,7 @@ index 07d096c..5e2a0b3 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2029,7 +2515,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -41827,7 +42789,7 @@ index 07d096c..5e2a0b3 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2038,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -41835,7 +42797,7 @@ index 07d096c..5e2a0b3 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2055,6 +2542,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -41843,7 +42805,7 @@ index 07d096c..5e2a0b3 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2075,6 +2562,97 @@ out:
+@@ -2075,6 +2563,97 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -42296,6 +43258,20 @@ index 3e8094b..cb3ff3d 100644
return ceph_lookup_open(dir, dentry, nd, mode, 1);
}
+diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
+index cfd1ce3..6b13a74 100644
+--- a/fs/cifs/asn1.c
++++ b/fs/cifs/asn1.c
+@@ -416,6 +416,9 @@ asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid)
+
+ static int
+ asn1_oid_decode(struct asn1_ctx *ctx,
++ unsigned char *eoc, unsigned long **oid, unsigned int *len) __size_overflow(2);
++static int
++asn1_oid_decode(struct asn1_ctx *ctx,
+ unsigned char *eoc, unsigned long **oid, unsigned int *len)
+ {
+ unsigned long subid;
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
index 24b3dfc..3cd5454 100644
--- a/fs/cifs/cifs_debug.c
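Review bot: `__size_overflow(2)` on asn1_oid_decode() selects `unsigned char *eoc`, a pointer, whereas the other annotations added in this update select a length or count argument. The function body is outside this hunk, so this may be deliberate, with the tracked size derived from `eoc` further down. If so, a short comment above the added prototype would stop a later reader from taking it for a wrong index, for example `/* arg 2 (eoc) bounds the OID size computed in the body */`.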
@@ -42430,7 +43406,7 @@ index 24b3dfc..3cd5454 100644
}
}
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
-index b1fd382..df45435 100644
+index 6ee1cb4..8443157 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -989,7 +989,7 @@ cifs_init_request_bufs(void)
@@ -42463,10 +43439,10 @@ index b1fd382..df45435 100644
atomic_set(&midCount, 0);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index 76e7d8b..4814992 100644
+index d47d20a..77e8b33 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
-@@ -392,28 +392,28 @@ struct cifs_tcon {
+@@ -388,28 +388,28 @@ struct cifs_tcon {
__u16 Flags; /* optional support bits */
enum statusEnum tidStatus;
#ifdef CONFIG_CIFS_STATS
@@ -42517,7 +43493,7 @@ index 76e7d8b..4814992 100644
#ifdef CONFIG_CIFS_STATS2
unsigned long long time_writes;
unsigned long long time_reads;
-@@ -628,7 +628,7 @@ convert_delimiter(char *path, char delim)
+@@ -624,7 +624,7 @@ convert_delimiter(char *path, char delim)
}
#ifdef CONFIG_CIFS_STATS
@@ -42526,7 +43502,7 @@ index 76e7d8b..4814992 100644
static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
unsigned int bytes)
-@@ -987,8 +987,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
+@@ -983,8 +983,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
/* Various Debug counters */
GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
#ifdef CONFIG_CIFS_STATS2
@@ -42819,8 +43795,21 @@ index 5ddd7eb..c18bf04 100644
/*
* We'll have a dentry and an inode for
+diff --git a/fs/configfs/file.c b/fs/configfs/file.c
+index 2b6cb23..d76e879 100644
+--- a/fs/configfs/file.c
++++ b/fs/configfs/file.c
+@@ -135,6 +135,8 @@ out:
+ */
+
+ static int
++fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count) __size_overflow(3);
++static int
+ fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count)
+ {
+ int error;
diff --git a/fs/dcache.c b/fs/dcache.c
-index bcbdb33..55ffe97 100644
+index 2576d14..0cec38d 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -105,10 +105,10 @@ static unsigned int d_hash_shift __read_mostly;
@@ -42837,7 +43826,7 @@ index bcbdb33..55ffe97 100644
return dentry_hashtable + (hash & D_HASHMASK);
}
-@@ -3066,7 +3066,7 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3067,7 +3067,7 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -42929,7 +43918,7 @@ index b2a34a1..162fa69 100644
return rc;
}
diff --git a/fs/exec.c b/fs/exec.c
-index 153dee1..8ee97ba 100644
+index 153dee1..ab4ebe9 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,6 +55,13 @@
@@ -43375,7 +44364,7 @@ index 153dee1..8ee97ba 100644
cn->corename = kmalloc(cn->size, GFP_KERNEL);
cn->used = 0;
-@@ -1817,6 +1942,218 @@ out:
+@@ -1817,6 +1942,228 @@ out:
return ispipe;
}
@@ -43591,10 +44580,20 @@ index 153dee1..8ee97ba 100644
+EXPORT_SYMBOL(pax_track_stack);
+#endif
+
++#ifdef CONFIG_PAX_SIZE_OVERFLOW
++void report_size_overflow(const char *file, unsigned int line, const char *func)
++{
++ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u\n", func, file, line);
++ dump_stack();
++ do_group_exit(SIGKILL);
++}
++EXPORT_SYMBOL(report_size_overflow);
++#endif
++
static int zap_process(struct task_struct *start, int exit_code)
{
struct task_struct *t;
-@@ -2014,17 +2351,17 @@ static void wait_for_dump_helpers(struct file *file)
+@@ -2014,17 +2361,17 @@ static void wait_for_dump_helpers(struct file *file)
pipe = file->f_path.dentry->d_inode->i_pipe;
pipe_lock(pipe);
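Review bot: report_size_overflow() ends in `do_group_exit(SIGKILL)` without checking the calling context, and nothing in the hunk states which contexts the instrumented functions may run in. If any of them can be reached from interrupt or softirq context, `current` is an unrelated task at that point, so the expected context should be confirmed and written down. A header comment would record the contract once confirmed, for example `/* Reports a detected size overflow and kills the current thread group; does not return. Process context only. */`. The `printk(KERN_ERR ...)` is also not rate-limited, so an overflow that can be triggered repeatedly can flood the kernel log.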
@@ -43617,7 +44616,7 @@ index 153dee1..8ee97ba 100644
pipe_unlock(pipe);
}
-@@ -2085,7 +2422,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2085,7 +2432,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
int retval = 0;
int flag = 0;
int ispipe;
@@ -43626,7 +44625,7 @@ index 153dee1..8ee97ba 100644
struct coredump_params cprm = {
.signr = signr,
.regs = regs,
-@@ -2100,6 +2437,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2100,6 +2447,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
audit_core_dumps(signr);
@@ -43636,7 +44635,7 @@ index 153dee1..8ee97ba 100644
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
goto fail;
-@@ -2167,7 +2507,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2167,7 +2517,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
}
cprm.limit = RLIM_INFINITY;
@@ -43645,7 +44644,7 @@ index 153dee1..8ee97ba 100644
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -2194,6 +2534,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2194,6 +2544,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
} else {
struct inode *inode;
@@ -43654,7 +44653,7 @@ index 153dee1..8ee97ba 100644
if (cprm.limit < binfmt->min_coredump)
goto fail_unlock;
-@@ -2237,7 +2579,7 @@ close_fail:
+@@ -2237,7 +2589,7 @@ close_fail:
filp_close(cprm.file, NULL);
fail_dropcount:
if (ispipe)
@@ -43663,7 +44662,7 @@ index 153dee1..8ee97ba 100644
fail_unlock:
kfree(cn.corename);
fail_corename:
-@@ -2256,7 +2598,7 @@ fail:
+@@ -2256,7 +2608,7 @@ fail:
*/
int dump_write(struct file *file, const void *addr, int nr)
{
@@ -43718,10 +44717,10 @@ index f9e2cd8..bfdc476 100644
if (free_clusters >= (nclusters + dirty_clusters))
return 1;
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 513004f..2591a6b 100644
+index 3ce6a0c..0311fe5 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
-@@ -1218,19 +1218,19 @@ struct ext4_sb_info {
+@@ -1220,19 +1220,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
/* stats for buddy allocator */
@@ -45487,10 +46486,10 @@ index 5698746..6086012 100644
kfree(s);
}
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index 1e85a7a..eb4218a 100644
+index 3645cd3..786809c 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
-@@ -921,7 +921,7 @@ static struct file_system_type hugetlbfs_fs_type = {
+@@ -914,7 +914,7 @@ static struct file_system_type hugetlbfs_fs_type = {
.kill_sb = kill_litter_super,
};
@@ -45602,10 +46601,10 @@ index 8392cb8..80d6193 100644
memcpy(c->data, &cookie, 4);
c->len=4;
diff --git a/fs/locks.c b/fs/locks.c
-index 637694b..f84a121 100644
+index 0d68f1f..f216b79 100644
--- a/fs/locks.c
+++ b/fs/locks.c
-@@ -2074,16 +2074,16 @@ void locks_remove_flock(struct file *filp)
+@@ -2075,16 +2075,16 @@ void locks_remove_flock(struct file *filp)
return;
if (filp->f_op && filp->f_op->flock) {
@@ -46177,6 +47176,28 @@ index e608199..9609cb9 100644
get_fs_root(current->fs, &root);
error = lock_mount(&old);
if (error)
+diff --git a/fs/ncpfs/ncplib_kernel.h b/fs/ncpfs/ncplib_kernel.h
+index 32c0658..b1c2045e 100644
+--- a/fs/ncpfs/ncplib_kernel.h
++++ b/fs/ncpfs/ncplib_kernel.h
+@@ -130,7 +130,7 @@ static inline int ncp_is_nfs_extras(struct ncp_server* server, unsigned int voln
+ int ncp__io2vol(struct ncp_server *, unsigned char *, unsigned int *,
+ const unsigned char *, unsigned int, int);
+ int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *,
+- const unsigned char *, unsigned int, int);
++ const unsigned char *, unsigned int, int) __size_overflow(5);
+
+ #define NCP_ESC ':'
+ #define NCP_IO_TABLE(sb) (NCP_SBP(sb)->nls_io)
+@@ -146,7 +146,7 @@ int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *,
+ int ncp__io2vol(unsigned char *, unsigned int *,
+ const unsigned char *, unsigned int, int);
+ int ncp__vol2io(unsigned char *, unsigned int *,
+- const unsigned char *, unsigned int, int);
++ const unsigned char *, unsigned int, int) __size_overflow(5);
+
+ #define NCP_IO_TABLE(sb) NULL
+ #define ncp_tolower(t, c) tolower(c)
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index f649fba..236bf92 100644
--- a/fs/nfs/inode.c
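Review bot: The second `ncp__vol2io` prototype, the variant without the `struct ncp_server *` argument, has only five parameters, so `__size_overflow(5)` there selects the trailing `int`. In the first variant, index 5 selects the `unsigned int` that precedes it, which is presumably the length. If the same argument is meant to be tracked in both builds, the second annotation needs index 4: `const unsigned char *, unsigned int, int) __size_overflow(4);`. The preprocessor conditional that chooses between the two variants is outside the hunk.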
@@ -47473,7 +48494,7 @@ index 06e1cc1..177cd98 100644
rcu_read_lock();
task = pid_task(proc_pid(dir), PIDTYPE_PID);
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index a6b6217..1e0579d 100644
+index 53c3bce..10ad159 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -9,11 +9,13 @@
@@ -47520,7 +48541,7 @@ index a6b6217..1e0579d 100644
/* careful: calling conventions are nasty here */
res = count;
error = table->proc_handler(table, write, buf, &res, ppos);
-@@ -245,6 +259,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent,
+@@ -260,6 +274,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent,
return -ENOMEM;
} else {
d_set_d_op(child, &proc_sys_dentry_operations);
@@ -47530,7 +48551,7 @@ index a6b6217..1e0579d 100644
d_add(child, inode);
}
} else {
-@@ -273,6 +290,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table,
+@@ -288,6 +305,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table,
if (*pos < file->f_pos)
continue;
@@ -47540,7 +48561,7 @@ index a6b6217..1e0579d 100644
res = proc_sys_fill_cache(file, dirent, filldir, head, table);
if (res)
return res;
-@@ -398,6 +418,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
+@@ -413,6 +433,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
if (IS_ERR(head))
return PTR_ERR(head);
@@ -47550,7 +48571,7 @@ index a6b6217..1e0579d 100644
generic_fillattr(inode, stat);
if (table)
stat->mode = (stat->mode & S_IFMT) | table->mode;
-@@ -420,13 +443,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
+@@ -435,13 +458,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
.llseek = generic_file_llseek,
};
@@ -47587,7 +48608,7 @@ index 46a15d8..335631a 100644
}
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 7dcd2a2..b2f410e 100644
+index 3efa725..23c925b 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -11,6 +11,7 @@
@@ -47708,7 +48729,7 @@ index 7dcd2a2..b2f410e 100644
show_map_vma(m, vma);
if (m->count < m->size) /* vma is copied successfully */
-@@ -434,12 +464,23 @@ static int show_smap(struct seq_file *m, void *v)
+@@ -437,12 +467,23 @@ static int show_smap(struct seq_file *m, void *v)
.private = &mss,
};
@@ -47737,7 +48758,7 @@ index 7dcd2a2..b2f410e 100644
show_map_vma(m, vma);
seq_printf(m,
-@@ -457,7 +498,11 @@ static int show_smap(struct seq_file *m, void *v)
+@@ -460,7 +501,11 @@ static int show_smap(struct seq_file *m, void *v)
"KernelPageSize: %8lu kB\n"
"MMUPageSize: %8lu kB\n"
"Locked: %8lu kB\n",
@@ -47749,7 +48770,7 @@ index 7dcd2a2..b2f410e 100644
mss.resident >> 10,
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
mss.shared_clean >> 10,
-@@ -1015,6 +1060,13 @@ static int show_numa_map(struct seq_file *m, void *v)
+@@ -1024,6 +1069,13 @@ static int show_numa_map(struct seq_file *m, void *v)
int n;
char buffer[50];
@@ -47763,7 +48784,7 @@ index 7dcd2a2..b2f410e 100644
if (!mm)
return 0;
-@@ -1032,11 +1084,15 @@ static int show_numa_map(struct seq_file *m, void *v)
+@@ -1041,11 +1093,15 @@ static int show_numa_map(struct seq_file *m, void *v)
mpol_to_str(buffer, sizeof(buffer), pol, 0);
mpol_cond_put(pol);
@@ -47973,7 +48994,7 @@ index e782258..3b4b44c 100644
return -EINVAL;
diff --git a/fs/seq_file.c b/fs/seq_file.c
-index 4023d6b..53b39c5 100644
+index 4023d6b..ab46c6a 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -9,6 +9,7 @@
@@ -47994,47 +49015,7 @@ index 4023d6b..53b39c5 100644
/*
* Wrappers around seq_open(e.g. swaps_open) need to be
-@@ -76,7 +80,8 @@ static int traverse(struct seq_file *m, loff_t offset)
- return 0;
- }
- if (!m->buf) {
-- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
-+ m->size = PAGE_SIZE;
-+ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
- if (!m->buf)
- return -ENOMEM;
- }
-@@ -116,7 +121,8 @@ static int traverse(struct seq_file *m, loff_t offset)
- Eoverflow:
- m->op->stop(m, p);
- kfree(m->buf);
-- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
-+ m->size <<= 1;
-+ m->buf = kmalloc(m->size, GFP_KERNEL);
- return !m->buf ? -ENOMEM : -EAGAIN;
- }
-
-@@ -169,7 +175,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
- m->version = file->f_version;
- /* grab buffer if we didn't have one */
- if (!m->buf) {
-- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
-+ m->size = PAGE_SIZE;
-+ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
- if (!m->buf)
- goto Enomem;
- }
-@@ -210,7 +217,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
- goto Fill;
- m->op->stop(m, p);
- kfree(m->buf);
-- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
-+ m->size <<= 1;
-+ m->buf = kmalloc(m->size, GFP_KERNEL);
- if (!m->buf)
- goto Enomem;
- m->count = 0;
-@@ -549,7 +557,7 @@ static void single_stop(struct seq_file *p, void *v)
+@@ -549,7 +553,7 @@ static void single_stop(struct seq_file *p, void *v)
int single_open(struct file *file, int (*show)(struct seq_file *, void *),
void *data)
{
@@ -48185,6 +49166,19 @@ index 1ec0493..d6ab5c2 100644
ret = -EAGAIN;
pipe_unlock(ipipe);
+diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c
+index a475983..9c6a1f0 100644
+--- a/fs/sysfs/bin.c
++++ b/fs/sysfs/bin.c
+@@ -67,6 +67,8 @@ fill_read(struct file *file, char *buffer, loff_t off, size_t count)
+ }
+
+ static ssize_t
++read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off) __size_overflow(3);
++static ssize_t
+ read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off)
+ {
+ struct bin_buffer *bb = file->private_data;
diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index 7fdf6a7..e6cd8ad 100644
--- a/fs/sysfs/dir.c
@@ -48270,6 +49264,27 @@ index a7ac78f..02158e1 100644
if (!IS_ERR(page))
free_page((unsigned long)page);
}
+diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c
+index f922cba..062fb02 100644
+--- a/fs/ubifs/debug.c
++++ b/fs/ubifs/debug.c
+@@ -2819,6 +2819,7 @@ static ssize_t dfs_file_read(struct file *file, char __user *u, size_t count,
+ * debugfs file. Returns %0 or %1 in case of success and a negative error code
+ * in case of failure.
+ */
++static int interpret_user_input(const char __user *u, size_t count) __size_overflow(2);
+ static int interpret_user_input(const char __user *u, size_t count)
+ {
+ size_t buf_size;
+@@ -2837,6 +2838,8 @@ static int interpret_user_input(const char __user *u, size_t count)
+ }
+
+ static ssize_t dfs_file_write(struct file *file, const char __user *u,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t dfs_file_write(struct file *file, const char __user *u,
+ size_t count, loff_t *ppos)
+ {
+ struct ubifs_info *c = file->private_data;
diff --git a/fs/udf/misc.c b/fs/udf/misc.c
index c175b4d..8f36a16 100644
--- a/fs/udf/misc.c
@@ -49579,10 +50594,10 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..e8c5d41
+index 0000000..42813ac
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4179 @@
+@@ -0,0 +1,4192 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -52147,19 +53162,32 @@ index 0000000..e8c5d41
+
+ newacl = chk_subj_label(dentry, mnt, task->role);
+
-+ task_lock(task);
++ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then
++ did an exec
++ */
++ rcu_read_lock();
++ read_lock(&tasklist_lock);
++ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) ||
++ (task->parent->acl->mode & GR_POVERRIDE))) {
++ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
++ goto skip_check;
++ }
++ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
++
+ if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
+ !(task->role->roletype & GR_ROLE_GOD) &&
+ !gr_search_file(dentry, GR_PTRACERD, mnt) &&
+ !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
-+ task_unlock(task);
+ if (unsafe_flags & LSM_UNSAFE_SHARE)
+ gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
+ else
+ gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
+ return -EACCES;
+ }
-+ task_unlock(task);
++
++skip_check:
+
+ obj = chk_obj_label(dentry, mnt, task->acl);
+ retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
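Review bot: The new tracer check releases `tasklist_lock` and the RCU read lock on two separate paths, once before `goto skip_check` and once on the fall-through, which makes it easy for a later edit to leave one path unbalanced. Evaluating the condition into a local while the locks are held and branching after a single unlock keeps each lock paired with one unlock. The local must be declared at the top of the function, which starts outside this hunk. Separately, the hunk drops the `task_lock(task)` that used to cover the `task->acl` and `task->role` reads in the `unsafe_flags` test, and the new comment does not say why that is safe.
```c
	/* … unchanged: newacl = chk_subj_label(dentry, mnt, task->role) … */
	rcu_read_lock();
	read_lock(&tasklist_lock);
	tracer_override = task->ptrace && task->parent &&
		((task->parent->role->roletype & GR_ROLE_GOD) ||
		 (task->parent->acl->mode & GR_POVERRIDE));
	read_unlock(&tasklist_lock);
	rcu_read_unlock();

	if (tracer_override)
		goto skip_check;
	/* … unchanged: unsafe_flags test, logging and the skip_check label … */
```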
@@ -54432,10 +55460,10 @@ index 0000000..88d0e87
+}
diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
new file mode 100644
-index 0000000..17050ca
+index 0000000..58800a7
--- /dev/null
+++ b/grsecurity/gracl_ip.c
-@@ -0,0 +1,381 @@
+@@ -0,0 +1,384 @@
+#include <linux/kernel.h>
+#include <asm/uaccess.h>
+#include <asm/errno.h>
@@ -54757,6 +55785,9 @@ index 0000000..17050ca
+int
+gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
+{
++ /* always allow disconnection of dgram sockets with connect */
++ if (addr->sin_family == AF_UNSPEC)
++ return 0;
+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
+}
+
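Review bot: The comment added to gr_search_connect() limits the exemption to datagram sockets, but the test returns 0 for any socket whose address family is `AF_UNSPEC`. `sock->type` is only passed to the `gr_search_connectbind()` call below and is never consulted by the new check. Either widen the comment to say the policy lookup is skipped for every socket type, or make the code match the comment: `if (addr->sin_family == AF_UNSPEC && sock->type == SOCK_DGRAM) return 0;`. Which of the two is intended cannot be told from this hunk.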
@@ -58848,32 +59879,6 @@ index 0d68a1e..b74a761 100644
{
machine_restart(NULL);
}
-diff --git a/include/asm-generic/int-l64.h b/include/asm-generic/int-l64.h
-index 1ca3efc..e3dc852 100644
---- a/include/asm-generic/int-l64.h
-+++ b/include/asm-generic/int-l64.h
-@@ -46,6 +46,8 @@ typedef unsigned int u32;
- typedef signed long s64;
- typedef unsigned long u64;
-
-+typedef unsigned int intoverflow_t __attribute__ ((mode(TI)));
-+
- #define S8_C(x) x
- #define U8_C(x) x ## U
- #define S16_C(x) x
-diff --git a/include/asm-generic/int-ll64.h b/include/asm-generic/int-ll64.h
-index f394147..b6152b9 100644
---- a/include/asm-generic/int-ll64.h
-+++ b/include/asm-generic/int-ll64.h
-@@ -51,6 +51,8 @@ typedef unsigned int u32;
- typedef signed long long s64;
- typedef unsigned long long u64;
-
-+typedef unsigned long long intoverflow_t;
-+
- #define S8_C(x) x
- #define U8_C(x) x ## U
- #define S16_C(x) x
diff --git a/include/asm-generic/kmap_types.h b/include/asm-generic/kmap_types.h
index 0232ccb..13d9165 100644
--- a/include/asm-generic/kmap_types.h
@@ -58978,12 +59983,12 @@ index 810431d..ccc3638 100644
* The "pgd_xxx()" functions here are trivial for a folded two-level
* setup: the pud is never bad, and a pud always exists (as it's folded
diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
-index 76bff2b..c7a14e2 100644
+index a03c098..7e5b223 100644
--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
-@@ -443,6 +443,14 @@ static inline int pmd_write(pmd_t pmd)
- #endif /* __HAVE_ARCH_PMD_WRITE */
+@@ -502,6 +502,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd)
#endif
+ }
+#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
+static inline unsigned long pax_open_kernel(void) { return 0; }
@@ -58993,9 +59998,73 @@ index 76bff2b..c7a14e2 100644
+static inline unsigned long pax_close_kernel(void) { return 0; }
+#endif
+
+ #endif /* CONFIG_MMU */
+
#endif /* !__ASSEMBLY__ */
+diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
+index 9788568..510dece 100644
+--- a/include/asm-generic/uaccess.h
++++ b/include/asm-generic/uaccess.h
+@@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long);
+ */
+ #ifndef __copy_from_user
+ static inline __must_check long __copy_from_user(void *to,
++ const void __user * from, unsigned long n) __size_overflow(3);
++static inline __must_check long __copy_from_user(void *to,
+ const void __user * from, unsigned long n)
+ {
+ if (__builtin_constant_p(n)) {
+@@ -106,6 +108,8 @@ static inline __must_check long __copy_from_user(void *to,
- #endif /* _ASM_GENERIC_PGTABLE_H */
+ #ifndef __copy_to_user
+ static inline __must_check long __copy_to_user(void __user *to,
++ const void *from, unsigned long n) __size_overflow(3);
++static inline __must_check long __copy_to_user(void __user *to,
+ const void *from, unsigned long n)
+ {
+ if (__builtin_constant_p(n)) {
+@@ -224,6 +228,7 @@ extern int __put_user_bad(void) __attribute__((noreturn));
+ -EFAULT; \
+ })
+
++static inline int __get_user_fn(size_t size, const void __user *ptr, void *x) __size_overflow(1);
+ static inline int __get_user_fn(size_t size, const void __user *ptr, void *x)
+ {
+ size = __copy_from_user(x, ptr, size);
+@@ -240,6 +245,7 @@ extern int __get_user_bad(void) __attribute__((noreturn));
+ #define __copy_to_user_inatomic __copy_to_user
+ #endif
+
++static inline long copy_from_user(void *to, const void __user * from, unsigned long n) __size_overflow(3);
+ static inline long copy_from_user(void *to,
+ const void __user * from, unsigned long n)
+ {
+@@ -250,6 +256,7 @@ static inline long copy_from_user(void *to,
+ return n;
+ }
+
++static inline long copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3);
+ static inline long copy_to_user(void __user *to,
+ const void *from, unsigned long n)
+ {
+@@ -314,6 +321,8 @@ static inline long strlen_user(const char __user *src)
+ */
+ #ifndef __clear_user
+ static inline __must_check unsigned long
++__clear_user(void __user *to, unsigned long n) __size_overflow(2);
++static inline __must_check unsigned long
+ __clear_user(void __user *to, unsigned long n)
+ {
+ memset((void __force *)to, 0, n);
+@@ -322,6 +331,8 @@ __clear_user(void __user *to, unsigned long n)
+ #endif
+
+ static inline __must_check unsigned long
++clear_user(void __user *to, unsigned long n) __size_overflow(2);
++static inline __must_check unsigned long
+ clear_user(void __user *to, unsigned long n)
+ {
+ might_sleep();
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index b5e2e4c..6a5373e 100644
--- a/include/asm-generic/vmlinux.lds.h
@@ -59276,10 +60345,10 @@ index 04ffb2e..6799180 100644
extern struct cleancache_ops
cleancache_register_ops(struct cleancache_ops *ops);
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index 2f40791..89a56fd 100644
+index 2f40791..567b215 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
-@@ -32,6 +32,12 @@
+@@ -32,6 +32,15 @@
#define __linktime_error(message) __attribute__((__error__(message)))
#if __GNUC_MINOR__ >= 5
@@ -59289,10 +60358,13 @@ index 2f40791..89a56fd 100644
+#define __do_const __attribute__((do_const))
+#endif
+
++#ifdef SIZE_OVERFLOW_PLUGIN
++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__)))
++#endif
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
-@@ -47,6 +53,11 @@
+@@ -47,6 +56,11 @@
#define __noclone __attribute__((__noclone__))
#endif
@@ -59305,7 +60377,7 @@ index 2f40791..89a56fd 100644
#if __GNUC_MINOR__ > 0
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index 4a24354..9570c1b 100644
+index 4a24354..ecaff7a 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -5,31 +5,62 @@
@@ -59381,7 +60453,7 @@ index 4a24354..9570c1b 100644
#endif
#ifdef __KERNEL__
-@@ -264,6 +297,14 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -264,6 +297,17 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
# define __attribute_const__ /* unimplemented */
#endif
@@ -59393,10 +60465,13 @@ index 4a24354..9570c1b 100644
+# define __do_const
+#endif
+
++#ifndef __size_overflow
++# define __size_overflow(...)
++#endif
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
-@@ -273,6 +314,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -273,6 +317,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
#define __cold
#endif
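Review bot: The fallback `# define __size_overflow(...)` is added without a comment, and nothing here says what the macro's arguments mean. Judging from the annotations elsewhere in this update (index 3 on the `n` argument of `copy_from_user`), they are 1-based parameter positions. A comment above the `#ifndef` would record that: `/* __size_overflow(i, ...): 1-based positions of the arguments checked by the size_overflow plugin; expands to nothing when the plugin is not in use */`.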
@@ -59419,7 +60494,7 @@ index 4a24354..9570c1b 100644
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -308,6 +365,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -308,6 +368,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
* use is to mediate communication between process-level code and irq/NMI
* handlers, all running on the same CPU.
*/
@@ -59441,6 +60516,19 @@ index e9eaec5..bfeb9bb 100644
}
static inline void set_mems_allowed(nodemask_t nodemask)
+diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h
+index b936763..48685ee 100644
+--- a/include/linux/crash_dump.h
++++ b/include/linux/crash_dump.h
+@@ -14,7 +14,7 @@ extern unsigned long long elfcorehdr_addr;
+ extern unsigned long long elfcorehdr_size;
+
+ extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
+- unsigned long, int);
++ unsigned long, int) __size_overflow(3);
+
+ /* Architecture code defines this if there are other possible ELF
+ * machine types, e.g. on bi-arch capable hardware. */
diff --git a/include/linux/cred.h b/include/linux/cred.h
index adadf71..6af5560 100644
--- a/include/linux/cred.h
@@ -59635,10 +60723,10 @@ index 84ccf8e..2e9b14c 100644
};
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index 69cd5bb..58425c2 100644
+index f4b6e06..d6ba573 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
-@@ -1623,7 +1623,8 @@ struct file_operations {
+@@ -1628,7 +1628,8 @@ struct file_operations {
int (*setlease)(struct file *, long, struct file_lock **);
long (*fallocate)(struct file *file, int mode, loff_t offset,
loff_t len);
@@ -61034,7 +62122,7 @@ index 3875719..4cd454c 100644
/* This macro allows us to keep printk typechecking */
static __printf(1, 2)
diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
-index fa39183..40160be 100644
+index c4d2fc1..5df9c19 100644
--- a/include/linux/kgdb.h
+++ b/include/linux/kgdb.h
@@ -53,7 +53,7 @@ extern int kgdb_connected;
@@ -61046,7 +62134,7 @@ index fa39183..40160be 100644
extern struct task_struct *kgdb_usethread;
extern struct task_struct *kgdb_contthread;
-@@ -251,7 +251,7 @@ struct kgdb_arch {
+@@ -252,7 +252,7 @@ struct kgdb_arch {
void (*disable_hw_break)(struct pt_regs *regs);
void (*remove_all_hw_break)(void);
void (*correct_hw_break)(void);
@@ -61055,7 +62143,7 @@ index fa39183..40160be 100644
/**
* struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
-@@ -276,7 +276,7 @@ struct kgdb_io {
+@@ -277,7 +277,7 @@ struct kgdb_io {
void (*pre_exception) (void);
void (*post_exception) (void);
int is_console;
@@ -61065,7 +62153,7 @@ index fa39183..40160be 100644
extern struct kgdb_arch arch_kgdb_ops;
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
-index 722f477..eef2a27 100644
+index 0fb48ef..1b680b2 100644
--- a/include/linux/kmod.h
+++ b/include/linux/kmod.h
@@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */
@@ -61091,7 +62179,7 @@ index 9c07dce..a92fa71 100644
if (atomic_sub_and_test((int) count, &kref->refcount)) {
release(kref);
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index 900c763..43260cf 100644
+index 900c763..3287a0b 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
@@ -61103,6 +62191,33 @@ index 900c763..43260cf 100644
struct module *module);
void kvm_exit(void);
+@@ -416,20 +416,20 @@ void kvm_get_pfn(pfn_t pfn);
+ int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
+ int len);
+ int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data,
+- unsigned long len);
+-int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len);
++ unsigned long len) __size_overflow(4);
++int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len) __size_overflow(2,4);
+ int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
+- void *data, unsigned long len);
++ void *data, unsigned long len) __size_overflow(4);
+ int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn, const void *data,
+ int offset, int len);
+ int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
+- unsigned long len);
++ unsigned long len) __size_overflow(2,4);
+ int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
+- void *data, unsigned long len);
++ void *data, unsigned long len) __size_overflow(4);
+ int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
+ gpa_t gpa);
+ int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len);
+-int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len);
++int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len) __size_overflow(2,3);
+ struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn);
+ int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn);
+ unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn);
@@ -485,7 +485,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
struct kvm_guest_debug *dbg);
int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
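Review bot: The `__size_overflow` argument lists added to the guest-memory accessors are not consistent: `kvm_read_guest_atomic(kvm, gpa, data, len)` is marked `__size_overflow(4)`, while `kvm_read_guest`, `kvm_write_guest` and `kvm_clear_guest` also mark the `gpa` parameter (`(2,4)` and `(2,3)`). If tracking `gpa` is intended, the atomic variant should read `unsigned long len) __size_overflow(2,4);`; if it is deliberately excluded, a one-line comment saying why would prevent a later "fix". The `int offset, int len` page variants in the same block carry no annotation at all, which may be intentional but is not explained here. The same asymmetry appears in the include/linux/uaccess.h hunk, where `probe_kernel_write` gets `__size_overflow(3)` and `__probe_kernel_write`, with an identical signature on the next line, gets none.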
@@ -61112,6 +62227,15 @@ index 900c763..43260cf 100644
void kvm_arch_exit(void);
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
+@@ -721,7 +721,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm);
+ int kvm_set_irq_routing(struct kvm *kvm,
+ const struct kvm_irq_routing_entry *entries,
+ unsigned nr,
+- unsigned flags);
++ unsigned flags) __size_overflow(3);
+ void kvm_free_irq_routing(struct kvm *kvm);
+
+ #else
diff --git a/include/linux/libata.h b/include/linux/libata.h
index cafc09a..d7e7829 100644
--- a/include/linux/libata.h
@@ -61290,7 +62414,7 @@ index 17b27cd..467ba2f 100644
#endif /* __KERNEL__ */
#endif /* _LINUX_MM_H */
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index 3cc3062..8947a82 100644
+index 3cc3062..efeaeb7 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -252,6 +252,8 @@ struct vm_area_struct {
@@ -61302,12 +62426,21 @@ index 3cc3062..8947a82 100644
};
struct core_thread {
+@@ -326,7 +328,7 @@ struct mm_struct {
+ unsigned long def_flags;
+ unsigned long nr_ptes; /* Page table pages */
+ unsigned long start_code, end_code, start_data, end_data;
+- unsigned long start_brk, brk, start_stack;
++ unsigned long brk_gap, start_brk, brk, start_stack;
+ unsigned long arg_start, arg_end, env_start, env_end;
+
+ unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */
@@ -388,6 +390,24 @@ struct mm_struct {
#ifdef CONFIG_CPUMASK_OFFSTACK
struct cpumask cpumask_allocation;
#endif
+
-+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) || defined(CONFIG_PAX_HAVE_ACL_FLAGS) || defined(CONFIG_PAX_HOOK_ACL_FLAGS)
+ unsigned long pax_flags;
+#endif
+
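Review bot: The guard around `unsigned long pax_flags;` changes from `CONFIG_PAX_NOEXEC || CONFIG_PAX_ASLR` to a five-way test on the flag-marking options, so the field no longer exists in a configuration that enables a PaX feature without any marking method. Every reader or writer of `mm->pax_flags` then has to sit under exactly the same condition, and those users are outside this hunk, so that cannot be confirmed from here. I would document the contract at the field, e.g. `/* present only when a PaX flag marking method is configured; guard all users identically */`, and consider deriving one symbol from the five options instead of repeating the chain. `struct mm_struct` starts before and continues past this hunk.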
@@ -61481,19 +62614,22 @@ index 4598bf0..e069d7f 100644
/* Search for module by name: must hold module_mutex. */
diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h
-index b2be02e..6a9fdb1 100644
+index b2be02e..72d2f78 100644
--- a/include/linux/moduleloader.h
+++ b/include/linux/moduleloader.h
-@@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section);
- sections. Returns NULL on failure. */
- void *module_alloc(unsigned long size);
+@@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section);
+ /* Allocator used for allocating struct module, core sections and init
+ sections. Returns NULL on failure. */
+-void *module_alloc(unsigned long size);
++void *module_alloc(unsigned long size) __size_overflow(1);
++
+#ifdef CONFIG_PAX_KERNEXEC
-+void *module_alloc_exec(unsigned long size);
++void *module_alloc_exec(unsigned long size) __size_overflow(1);
+#else
+#define module_alloc_exec(x) module_alloc(x)
+#endif
-+
+
/* Free memory returned from module_alloc. */
void module_free(struct module *mod, void *module_region);
@@ -61606,7 +62742,7 @@ index c65a18a..0c05f3a 100644
extern void *prom_early_alloc(unsigned long size);
diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h
-index a4c5624..79d6d88 100644
+index a4c5624..2dabfb7 100644
--- a/include/linux/oprofile.h
+++ b/include/linux/oprofile.h
@@ -139,9 +139,9 @@ int oprofilefs_create_ulong(struct super_block * sb, struct dentry * root,
@@ -61621,6 +62757,15 @@ index a4c5624..79d6d88 100644
/** create a directory */
struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
+@@ -163,7 +163,7 @@ ssize_t oprofilefs_ulong_to_user(unsigned long val, char __user * buf, size_t co
+ * Read an ASCII string for a number from a userspace buffer and fill *val on success.
+ * Returns 0 on success, < 0 on error.
+ */
+-int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count);
++int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count) __size_overflow(3);
+
+ /** lock for read/write safety */
+ extern raw_spinlock_t oprofilefs_lock;
diff --git a/include/linux/padata.h b/include/linux/padata.h
index 4633b2f..988bc08 100644
--- a/include/linux/padata.h
@@ -62262,7 +63407,7 @@ index ae86ade..2b51468 100644
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
diff --git a/include/linux/slab.h b/include/linux/slab.h
-index 573c809..e84c132 100644
+index 573c809..07e1f43 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -11,12 +11,20 @@
@@ -62303,7 +63448,14 @@ index 573c809..e84c132 100644
/*
* struct kmem_cache related prototypes
-@@ -161,6 +172,7 @@ void * __must_check krealloc(const void *, size_t, gfp_t);
+@@ -156,11 +167,12 @@ unsigned int kmem_cache_size(struct kmem_cache *);
+ /*
+ * Common kmalloc functions provided by all allocators
+ */
+-void * __must_check __krealloc(const void *, size_t, gfp_t);
+-void * __must_check krealloc(const void *, size_t, gfp_t);
++void * __must_check __krealloc(const void *, size_t, gfp_t) __size_overflow(2);
++void * __must_check krealloc(const void *, size_t, gfp_t) __size_overflow(2);
void kfree(const void *);
void kzfree(const void *);
size_t ksize(const void *);
@@ -62311,68 +63463,26 @@ index 573c809..e84c132 100644
/*
* Allocator specific definitions. These are mainly used to establish optimized
-@@ -353,4 +365,59 @@ static inline void *kzalloc_node(size_t size, gfp_t flags, int node)
-
- void __init kmem_cache_init_late(void);
-
-+#define kmalloc(x, y) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n")) \
-+ ___retval = NULL; \
-+ else \
-+ ___retval = kmalloc((size_t)___x, (y)); \
-+ ___retval; \
-+})
-+
-+#define kmalloc_node(x, y, z) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = kmalloc_node((size_t)___x, (y), (z));\
-+ ___retval; \
-+})
-+
-+#define kzalloc(x, y) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n")) \
-+ ___retval = NULL; \
-+ else \
-+ ___retval = kzalloc((size_t)___x, (y)); \
-+ ___retval; \
-+})
-+
-+#define __krealloc(x, y, z) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___y = (intoverflow_t)y; \
-+ if (WARN(___y > ULONG_MAX, "__krealloc size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = __krealloc((x), (size_t)___y, (z)); \
-+ ___retval; \
-+})
-+
-+#define krealloc(x, y, z) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___y = (intoverflow_t)y; \
-+ if (WARN(___y > ULONG_MAX, "krealloc size overflow\n")) \
-+ ___retval = NULL; \
-+ else \
-+ ___retval = krealloc((x), (size_t)___y, (z)); \
-+ ___retval; \
-+})
-+
- #endif /* _LINUX_SLAB_H */
+@@ -287,7 +299,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
+ */
+ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
+ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
+-extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
++extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long) __size_overflow(1);
+ #define kmalloc_track_caller(size, flags) \
+ __kmalloc_track_caller(size, flags, _RET_IP_)
+ #else
+@@ -306,7 +318,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
+ */
+ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
+ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
+-extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long);
++extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long) __size_overflow(1);
+ #define kmalloc_node_track_caller(size, flags, node) \
+ __kmalloc_node_track_caller(size, flags, node, \
+ _RET_IP_)
diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h
-index fbd1117..1e5e46c 100644
+index fbd1117..c0bd874 100644
--- a/include/linux/slab_def.h
+++ b/include/linux/slab_def.h
@@ -66,10 +66,10 @@ struct kmem_cache {
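Review bot: Dropping the `kmalloc`/`kmalloc_node`/`kzalloc`/`__krealloc`/`krealloc` wrapper macros removes a check that was always compiled in (`WARN(___x > ULONG_MAX, ...)` followed by a NULL return). The `__size_overflow(N)` annotations that replace it are only markers, and their definition and the option that enables them are not part of this hunk. If that instrumentation is optional and the kernel configs shipped with this package leave it off, these allocators lose size-overflow detection with no fallback; the same applies to the `vmalloc()` family macros removed in the include/linux/vmalloc.h hunk. I would confirm the option is enabled in both packaged kernel configs and record the dependency next to the declarations, e.g. `/* size overflow checking now comes from __size_overflow instrumentation, not from wrapper macros */`.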
@@ -62390,8 +63500,71 @@ index fbd1117..1e5e46c 100644
/*
* If debugging is enabled, then the allocator can add additional
+@@ -107,7 +107,7 @@ struct cache_sizes {
+ extern struct cache_sizes malloc_sizes[];
+
+ void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
+-void *__kmalloc(size_t size, gfp_t flags);
++void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1);
+
+ #ifdef CONFIG_TRACING
+ extern void *kmem_cache_alloc_trace(size_t size,
+@@ -125,6 +125,7 @@ static inline size_t slab_buffer_size(struct kmem_cache *cachep)
+ }
+ #endif
+
++static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1);
+ static __always_inline void *kmalloc(size_t size, gfp_t flags)
+ {
+ struct kmem_cache *cachep;
+@@ -160,7 +161,7 @@ found:
+ }
+
+ #ifdef CONFIG_NUMA
+-extern void *__kmalloc_node(size_t size, gfp_t flags, int node);
++extern void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
+ extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
+
+ #ifdef CONFIG_TRACING
+@@ -179,6 +180,7 @@ kmem_cache_alloc_node_trace(size_t size,
+ }
+ #endif
+
++static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
+ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
+ {
+ struct kmem_cache *cachep;
+diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h
+index 0ec00b3..65e7e0e 100644
+--- a/include/linux/slob_def.h
++++ b/include/linux/slob_def.h
+@@ -9,8 +9,9 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep,
+ return kmem_cache_alloc_node(cachep, flags, -1);
+ }
+
+-void *__kmalloc_node(size_t size, gfp_t flags, int node);
++void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
+
++static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
+ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
+ {
+ return __kmalloc_node(size, flags, node);
+@@ -24,11 +25,13 @@ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
+ * kmalloc is the normal method of allocating memory
+ * in the kernel.
+ */
++static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1);
+ static __always_inline void *kmalloc(size_t size, gfp_t flags)
+ {
+ return __kmalloc_node(size, flags, -1);
+ }
+
++static __always_inline void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1);
+ static __always_inline void *__kmalloc(size_t size, gfp_t flags)
+ {
+ return kmalloc(size, flags);
diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
-index a32bcfd..53b71f4 100644
+index a32bcfd..d26bd6e 100644
--- a/include/linux/slub_def.h
+++ b/include/linux/slub_def.h
@@ -89,7 +89,7 @@ struct kmem_cache {
@@ -62403,15 +63576,59 @@ index a32bcfd..53b71f4 100644
void (*ctor)(void *);
int inuse; /* Offset to metadata */
int align; /* Alignment */
-@@ -215,7 +215,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
+@@ -204,6 +204,7 @@ static __always_inline int kmalloc_index(size_t size)
+ * This ought to end up with a global pointer to the right cache
+ * in kmalloc_caches.
+ */
++static __always_inline struct kmem_cache *kmalloc_slab(size_t size) __size_overflow(1);
+ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
+ {
+ int index = kmalloc_index(size);
+@@ -215,9 +216,11 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
}
void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
-void *__kmalloc(size_t size, gfp_t flags);
-+void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1);
++void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1) __size_overflow(1);
static __always_inline void *
++kmalloc_order(size_t size, gfp_t flags, unsigned int order) __size_overflow(1);
++static __always_inline void *
kmalloc_order(size_t size, gfp_t flags, unsigned int order)
+ {
+ void *ret = (void *) __get_free_pages(flags | __GFP_COMP, order);
+@@ -256,12 +259,14 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
+ }
+ #endif
+
++static __always_inline void *kmalloc_large(size_t size, gfp_t flags) __size_overflow(1);
+ static __always_inline void *kmalloc_large(size_t size, gfp_t flags)
+ {
+ unsigned int order = get_order(size);
+ return kmalloc_order_trace(size, flags, order);
+ }
+
++static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1);
+ static __always_inline void *kmalloc(size_t size, gfp_t flags)
+ {
+ if (__builtin_constant_p(size)) {
+@@ -281,7 +286,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
+ }
+
+ #ifdef CONFIG_NUMA
+-void *__kmalloc_node(size_t size, gfp_t flags, int node);
++void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
+ void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
+
+ #ifdef CONFIG_TRACING
+@@ -298,6 +303,7 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s,
+ }
+ #endif
+
++static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
+ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
+ {
+ if (__builtin_constant_p(size) &&
diff --git a/include/linux/sonet.h b/include/linux/sonet.h
index de8832d..0147b46 100644
--- a/include/linux/sonet.h
@@ -62609,7 +63826,7 @@ index e5fa503..df6e8a4 100644
struct list_head {
diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
-index 5ca0951..ab496a5 100644
+index 5ca0951..53a2fff 100644
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -76,11 +76,11 @@ static inline unsigned long __copy_from_user_nocache(void *to,
@@ -62627,6 +63844,15 @@ index 5ca0951..ab496a5 100644
ret; \
})
+@@ -105,7 +105,7 @@ extern long __probe_kernel_read(void *dst, const void *src, size_t size);
+ * Safely write to address @dst from the buffer at @src. If a kernel fault
+ * happens, handle that and return -EFAULT.
+ */
+-extern long notrace probe_kernel_write(void *dst, const void *src, size_t size);
++extern long notrace probe_kernel_write(void *dst, const void *src, size_t size) __size_overflow(3);
+ extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size);
+
+ #endif /* __LINUX_UACCESS_H__ */
diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h
index 99c1b4d..bb94261 100644
--- a/include/linux/unaligned/access_ok.h
@@ -62734,7 +63960,7 @@ index 6f8fbcf..8259001 100644
+ MODULE_GRSEC
diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index dcdfc2b..f937197 100644
+index dcdfc2b..cce598d 100644
--- a/include/linux/vmalloc.h
+++ b/include/linux/vmalloc.h
@@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
@@ -62749,110 +63975,46 @@ index dcdfc2b..f937197 100644
/* bits [20..32] reserved for arch specific ioremap internals */
/*
-@@ -157,4 +162,103 @@ pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms)
- # endif
+@@ -51,18 +56,18 @@ static inline void vmalloc_init(void)
+ }
#endif
-+#define vmalloc(x) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \
-+ ___retval = NULL; \
-+ else \
-+ ___retval = vmalloc((unsigned long)___x); \
-+ ___retval; \
-+})
-+
-+#define vzalloc(x) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "vzalloc size overflow\n")) \
-+ ___retval = NULL; \
-+ else \
-+ ___retval = vzalloc((unsigned long)___x); \
-+ ___retval; \
-+})
-+
-+#define __vmalloc(x, y, z) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = __vmalloc((unsigned long)___x, (y), (z));\
-+ ___retval; \
-+})
-+
-+#define vmalloc_user(x) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = vmalloc_user((unsigned long)___x); \
-+ ___retval; \
-+})
-+
-+#define vmalloc_exec(x) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = vmalloc_exec((unsigned long)___x); \
-+ ___retval; \
-+})
-+
-+#define vmalloc_node(x, y) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = vmalloc_node((unsigned long)___x, (y));\
-+ ___retval; \
-+})
-+
-+#define vzalloc_node(x, y) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "vzalloc_node size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = vzalloc_node((unsigned long)___x, (y));\
-+ ___retval; \
-+})
-+
-+#define vmalloc_32(x) \
-+({ \
-+ void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = vmalloc_32((unsigned long)___x); \
-+ ___retval; \
-+})
-+
-+#define vmalloc_32_user(x) \
-+({ \
-+void *___retval; \
-+ intoverflow_t ___x = (intoverflow_t)x; \
-+ if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\
-+ ___retval = NULL; \
-+ else \
-+ ___retval = vmalloc_32_user((unsigned long)___x);\
-+ ___retval; \
-+})
-+
- #endif /* _LINUX_VMALLOC_H */
+-extern void *vmalloc(unsigned long size);
+-extern void *vzalloc(unsigned long size);
+-extern void *vmalloc_user(unsigned long size);
+-extern void *vmalloc_node(unsigned long size, int node);
+-extern void *vzalloc_node(unsigned long size, int node);
+-extern void *vmalloc_exec(unsigned long size);
+-extern void *vmalloc_32(unsigned long size);
+-extern void *vmalloc_32_user(unsigned long size);
+-extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot);
++extern void *vmalloc(unsigned long size) __size_overflow(1);
++extern void *vzalloc(unsigned long size) __size_overflow(1);
++extern void *vmalloc_user(unsigned long size) __size_overflow(1);
++extern void *vmalloc_node(unsigned long size, int node) __size_overflow(1);
++extern void *vzalloc_node(unsigned long size, int node) __size_overflow(1);
++extern void *vmalloc_exec(unsigned long size) __size_overflow(1);
++extern void *vmalloc_32(unsigned long size) __size_overflow(1);
++extern void *vmalloc_32_user(unsigned long size) __size_overflow(1);
++extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __size_overflow(1);
+ extern void *__vmalloc_node_range(unsigned long size, unsigned long align,
+ unsigned long start, unsigned long end, gfp_t gfp_mask,
+- pgprot_t prot, int node, void *caller);
++ pgprot_t prot, int node, void *caller) __size_overflow(1);
+ extern void vfree(const void *addr);
+
+ extern void *vmap(struct page **pages, unsigned int count,
+@@ -123,8 +128,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes);
+ extern void free_vm_area(struct vm_struct *area);
+
+ /* for /dev/kmem */
+-extern long vread(char *buf, char *addr, unsigned long count);
+-extern long vwrite(char *buf, char *addr, unsigned long count);
++extern long vread(char *buf, char *addr, unsigned long count) __size_overflow(3);
++extern long vwrite(char *buf, char *addr, unsigned long count) __size_overflow(3);
+
+ /*
+ * Internals. Dont't use..
diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
index 65efb92..137adbb 100644
--- a/include/linux/vmstat.h
@@ -63428,7 +64590,7 @@ index 444cd6b..3327cc5 100644
const struct firmware *dsp_microcode;
const struct firmware *controller_microcode;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index dc4e345..6bf6080 100644
+index fe73eb8..56388b1 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -443,7 +443,7 @@ struct t10_reservation_ops {
@@ -64472,7 +65634,7 @@ index 42e8fa0..9e7406b 100644
return -ENOMEM;
diff --git a/kernel/cred.c b/kernel/cred.c
-index 5791612..a3c04dc 100644
+index 48c6fd3..3342f00 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -204,6 +204,15 @@ void exit_creds(struct task_struct *tsk)
@@ -64491,7 +65653,7 @@ index 5791612..a3c04dc 100644
}
/**
-@@ -470,7 +479,7 @@ error_put:
+@@ -472,7 +481,7 @@ error_put:
* Always returns 0 thus allowing this function to be tail-called at the end
* of, say, sys_setgid().
*/
@@ -64500,7 +65662,7 @@ index 5791612..a3c04dc 100644
{
struct task_struct *task = current;
const struct cred *old = task->real_cred;
-@@ -489,6 +498,8 @@ int commit_creds(struct cred *new)
+@@ -491,6 +500,8 @@ int commit_creds(struct cred *new)
get_cred(new); /* we will require a ref for the subj creds too */
@@ -64509,7 +65671,7 @@ index 5791612..a3c04dc 100644
/* dumpability changes */
if (old->euid != new->euid ||
old->egid != new->egid ||
-@@ -538,6 +549,92 @@ int commit_creds(struct cred *new)
+@@ -540,6 +551,92 @@ int commit_creds(struct cred *new)
put_cred(old);
return 0;
}
@@ -64603,7 +65765,7 @@ index 5791612..a3c04dc 100644
/**
diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
-index 0d7c087..01b8cef 100644
+index 7fda904..59f620c 100644
--- a/kernel/debug/debug_core.c
+++ b/kernel/debug/debug_core.c
@@ -119,7 +119,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock);
@@ -64624,7 +65786,7 @@ index 0d7c087..01b8cef 100644
/*
* If you are debugging a problem where roundup (the collection of
-@@ -542,7 +542,7 @@ return_normal:
+@@ -537,7 +537,7 @@ return_normal:
* kernel will only try for the value of sstep_tries before
* giving up and continuing on.
*/
@@ -64633,7 +65795,7 @@ index 0d7c087..01b8cef 100644
(kgdb_info[cpu].task &&
kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) {
atomic_set(&kgdb_active, -1);
-@@ -636,8 +636,8 @@ cpu_master_loop:
+@@ -631,8 +631,8 @@ cpu_master_loop:
}
kgdb_restore:
@@ -64644,7 +65806,7 @@ index 0d7c087..01b8cef 100644
if (kgdb_info[sstep_cpu].task)
kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid;
else
-@@ -834,18 +834,18 @@ static void kgdb_unregister_callbacks(void)
+@@ -829,18 +829,18 @@ static void kgdb_unregister_callbacks(void)
static void kgdb_tasklet_bpt(unsigned long ing)
{
kgdb_breakpoint();
@@ -65178,7 +66340,7 @@ index 26a7a67..a1053f9 100644
else
new_fs = fs;
diff --git a/kernel/futex.c b/kernel/futex.c
-index 1614be2..37abc7e 100644
+index 0677023..f3c3b79 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -54,6 +54,7 @@
@@ -65212,7 +66374,7 @@ index 1614be2..37abc7e 100644
pcred = __task_cred(p);
/* If victim is in different user_ns, then uids are not
comparable, so we must have CAP_SYS_PTRACE */
-@@ -2724,6 +2734,7 @@ static int __init futex_init(void)
+@@ -2731,6 +2741,7 @@ static int __init futex_init(void)
{
u32 curval;
int i;
@@ -65220,7 +66382,7 @@ index 1614be2..37abc7e 100644
/*
* This will fail and we want it. Some arch implementations do
-@@ -2735,8 +2746,11 @@ static int __init futex_init(void)
+@@ -2742,8 +2753,11 @@ static int __init futex_init(void)
* implementation, the non-functional ones will return
* -ENOSYS.
*/
@@ -65451,7 +66613,7 @@ index 7b08867..3bac516 100644
/* Don't allow clients that don't understand the native
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index a0a8854..642b106 100644
+index a3a46cb..f2e42f8 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -75,13 +75,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
@@ -65599,6 +66761,19 @@ index c62b854..cb67968 100644
head = &kprobe_table[i];
preempt_disable();
+diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c
+index 4e316e1..5501eef 100644
+--- a/kernel/ksysfs.c
++++ b/kernel/ksysfs.c
+@@ -47,6 +47,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj,
+ {
+ if (count+1 > UEVENT_HELPER_PATH_LEN)
+ return -ENOENT;
++ if (!capable(CAP_SYS_ADMIN))
++ return -EPERM;
+ memcpy(uevent_helper, buf, count);
+ uevent_helper[count] = '\0';
+ if (count && uevent_helper[count-1] == '\n')
diff --git a/kernel/lockdep.c b/kernel/lockdep.c
index 8889f7d..95319b7 100644
--- a/kernel/lockdep.c
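Review bot: The new `capable(CAP_SYS_ADMIN)` test in `uevent_helper_store` sits after the length check, so a caller without the capability gets `-ENOENT` for an oversized write and `-EPERM` otherwise. Authorisation is normally decided before any input validation; I would move `if (!capable(CAP_SYS_ADMIN))` and its `return -EPERM;` to the top of the function, ahead of the `count+1 > UEVENT_HELPER_PATH_LEN` test. A short comment is also worth adding, since the value written here becomes the helper path, e.g. `/* uevent_helper is run by the kernel; require CAP_SYS_ADMIN even for uid 0 */`. The function signature and the rest of its body are outside this hunk.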
@@ -65645,7 +66820,7 @@ index 91c32a0..b2c71c5 100644
if (!name) {
diff --git a/kernel/module.c b/kernel/module.c
-index 2c93276..476fe81 100644
+index 3d56b6f..2a22bd0 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -58,6 +58,7 @@
@@ -66026,7 +67201,7 @@ index 2c93276..476fe81 100644
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2513,8 +2550,14 @@ static struct module *setup_load_info(struct load_info *info)
+@@ -2512,8 +2549,14 @@ static struct module *setup_load_info(struct load_info *info)
static int check_modinfo(struct module *mod, struct load_info *info)
{
const char *modmagic = get_modinfo(info, "vermagic");
@@ -66041,7 +67216,7 @@ index 2c93276..476fe81 100644
/* This is allowed: modprobe --force will invalidate it. */
if (!modmagic) {
err = try_to_force_load(mod, "bad vermagic");
-@@ -2537,7 +2580,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
+@@ -2536,7 +2579,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
}
/* Set up license info based on the info section */
@@ -66050,7 +67225,7 @@ index 2c93276..476fe81 100644
return 0;
}
-@@ -2631,7 +2674,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2630,7 +2673,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
@@ -66059,7 +67234,7 @@ index 2c93276..476fe81 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2641,23 +2684,50 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2640,23 +2683,50 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
@@ -66118,7 +67293,7 @@ index 2c93276..476fe81 100644
/* Transfer each section which specifies SHF_ALLOC */
pr_debug("final section addresses:\n");
-@@ -2668,16 +2738,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2667,16 +2737,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
@@ -66171,7 +67346,7 @@ index 2c93276..476fe81 100644
pr_debug("\t0x%lx %s\n",
(long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2728,12 +2827,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2727,12 +2826,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
@@ -66190,7 +67365,7 @@ index 2c93276..476fe81 100644
set_fs(old_fs);
}
-@@ -2803,8 +2902,10 @@ out:
+@@ -2802,8 +2901,10 @@ out:
static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
@@ -66203,7 +67378,7 @@ index 2c93276..476fe81 100644
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -2868,9 +2969,38 @@ static struct module *load_module(void __user *umod,
+@@ -2867,9 +2968,38 @@ static struct module *load_module(void __user *umod,
if (err)
goto free_unload;
@@ -66242,7 +67417,7 @@ index 2c93276..476fe81 100644
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, &info);
if (err < 0)
-@@ -2886,13 +3016,6 @@ static struct module *load_module(void __user *umod,
+@@ -2885,13 +3015,6 @@ static struct module *load_module(void __user *umod,
flush_module_icache(mod);
@@ -66256,7 +67431,7 @@ index 2c93276..476fe81 100644
/* Mark state as coming so strong_try_module_get() ignores us. */
mod->state = MODULE_STATE_COMING;
-@@ -2949,11 +3072,10 @@ static struct module *load_module(void __user *umod,
+@@ -2948,11 +3071,10 @@ static struct module *load_module(void __user *umod,
unlock:
mutex_unlock(&module_mutex);
synchronize_sched();
@@ -66269,7 +67444,7 @@ index 2c93276..476fe81 100644
free_unload:
module_unload_free(mod);
free_module:
-@@ -2994,16 +3116,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+@@ -2993,16 +3115,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
MODULE_STATE_COMING, mod);
/* Set RO and NX regions for core */
@@ -66294,7 +67469,7 @@ index 2c93276..476fe81 100644
do_mod_ctors(mod);
/* Start the module */
-@@ -3049,11 +3171,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+@@ -3048,11 +3170,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
@@ -66312,7 +67487,7 @@ index 2c93276..476fe81 100644
mutex_unlock(&module_mutex);
return 0;
-@@ -3084,10 +3207,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3083,10 +3206,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
@@ -66332,7 +67507,7 @@ index 2c93276..476fe81 100644
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3322,7 +3451,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3321,7 +3450,7 @@ static int m_show(struct seq_file *m, void *p)
char buf[8];
seq_printf(m, "%s %u",
@@ -66341,7 +67516,7 @@ index 2c93276..476fe81 100644
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3331,7 +3460,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3330,7 +3459,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
@@ -66350,7 +67525,7 @@ index 2c93276..476fe81 100644
/* Taints info */
if (mod->taints)
-@@ -3367,7 +3496,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3366,7 +3495,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
@@ -66368,7 +67543,7 @@ index 2c93276..476fe81 100644
return 0;
}
module_init(proc_modules_init);
-@@ -3426,12 +3565,12 @@ struct module *__module_address(unsigned long addr)
+@@ -3425,12 +3564,12 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
@@ -66384,7 +67559,7 @@ index 2c93276..476fe81 100644
return mod;
return NULL;
}
-@@ -3465,11 +3604,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3464,11 +3603,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
@@ -66516,9 +67691,18 @@ index b452599..5d68f4e 100644
atomic_set(&pd->refcnt, 0);
pd->pinst = pinst;
diff --git a/kernel/panic.c b/kernel/panic.c
-index 80aed44..f291d37 100644
+index 80aed44..e83856a 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
+@@ -97,7 +97,7 @@ void panic(const char *fmt, ...)
+ /*
+ * Avoid nested stack-dumping if a panic occurs during oops processing
+ */
+- if (!oops_in_progress)
++ if (!test_taint(TAINT_DIE) && oops_in_progress <= 1)
+ dump_stack();
+ #endif
+
@@ -402,7 +402,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
const char *board;
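Review bot: The comment kept above the changed test in panic() still reads "Avoid nested stack-dumping if a panic occurs during oops processing", but the new condition `!test_taint(TAINT_DIE) && oops_in_progress <= 1` no longer matches it. A dump is now allowed while one oops is in progress, and it is suppressed on the die taint instead. I would extend the comment to name both halves, for example `/* no dump if the die path already tainted the kernel, or if oopses are nested (oops_in_progress > 1) */`, so the reasoning survives the next rebase of this patch. panic() begins and ends outside the hunk, so where oops_in_progress is raised on this path cannot be checked from here.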
@@ -66735,10 +67919,10 @@ index d523593..68197a4 100644
register_sysrq_key('o', &sysrq_poweroff_op);
return 0;
diff --git a/kernel/power/process.c b/kernel/power/process.c
-index 7e42645..3d43df1 100644
+index 7aac07a..2d3c6dc 100644
--- a/kernel/power/process.c
+++ b/kernel/power/process.c
-@@ -32,6 +32,7 @@ static int try_to_freeze_tasks(bool user_only)
+@@ -33,6 +33,7 @@ static int try_to_freeze_tasks(bool user_only)
u64 elapsed_csecs64;
unsigned int elapsed_csecs;
bool wakeup = false;
@@ -66746,7 +67930,7 @@ index 7e42645..3d43df1 100644
do_gettimeofday(&start);
-@@ -42,6 +43,8 @@ static int try_to_freeze_tasks(bool user_only)
+@@ -43,6 +44,8 @@ static int try_to_freeze_tasks(bool user_only)
while (true) {
todo = 0;
@@ -66755,7 +67939,7 @@ index 7e42645..3d43df1 100644
read_lock(&tasklist_lock);
do_each_thread(g, p) {
if (p == current || !freeze_task(p))
-@@ -59,9 +62,13 @@ static int try_to_freeze_tasks(bool user_only)
+@@ -60,9 +63,13 @@ static int try_to_freeze_tasks(bool user_only)
* try_to_stop() after schedule() in ptrace/signal
* stop sees TIF_FREEZE.
*/
@@ -66771,7 +67955,7 @@ index 7e42645..3d43df1 100644
} while_each_thread(g, p);
read_unlock(&tasklist_lock);
-@@ -70,7 +77,7 @@ static int try_to_freeze_tasks(bool user_only)
+@@ -71,7 +78,7 @@ static int try_to_freeze_tasks(bool user_only)
todo += wq_busy;
}
@@ -67956,7 +69140,7 @@ index 888d227..f04b318 100644
break;
}
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index f487f25..9056a9e 100644
+index f03a6ef..5fcc8af 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -86,6 +86,13 @@
@@ -68044,7 +69228,7 @@ index f487f25..9056a9e 100644
.data = &kptr_restrict,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dmesg_restrict,
+ .proc_handler = proc_dointvec_minmax_sysadmin,
+#ifdef CONFIG_GRKERNSEC_HIDESYM
+ .extra1 = &two,
+#else
@@ -68512,10 +69696,10 @@ index 683d559..d70d914 100644
struct ftrace_func_probe *entry;
struct ftrace_page *pg;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index a3f1bc5..5e651718 100644
+index c4579f1..6a439da 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
-@@ -4254,10 +4254,9 @@ static const struct file_operations tracing_dyn_info_fops = {
+@@ -4258,10 +4258,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
@@ -68527,7 +69711,7 @@ index a3f1bc5..5e651718 100644
static int once;
if (d_tracer)
-@@ -4277,10 +4276,9 @@ struct dentry *tracing_init_dentry(void)
+@@ -4281,10 +4280,9 @@ struct dentry *tracing_init_dentry(void)
return d_tracer;
}
@@ -69409,7 +70593,7 @@ index 56080ea..115071e 100644
/* keep elevated page count for bad page */
return ret;
diff --git a/mm/memory.c b/mm/memory.c
-index fa2f04e..a8a40c8 100644
+index 10b4dda..764ee07 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -69438,7 +70622,7 @@ index fa2f04e..a8a40c8 100644
}
/*
-@@ -1585,12 +1592,6 @@ no_page_table:
+@@ -1593,12 +1600,6 @@ no_page_table:
return page;
}
@@ -69451,7 +70635,7 @@ index fa2f04e..a8a40c8 100644
/**
* __get_user_pages() - pin user pages in memory
* @tsk: task_struct of target task
-@@ -1663,10 +1664,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1671,10 +1672,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
(VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
i = 0;
@@ -69464,7 +70648,7 @@ index fa2f04e..a8a40c8 100644
if (!vma && in_gate_area(mm, start)) {
unsigned long pg = start & PAGE_MASK;
pgd_t *pgd;
-@@ -1714,7 +1715,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1722,7 +1723,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
goto next_page;
}
@@ -69473,7 +70657,7 @@ index fa2f04e..a8a40c8 100644
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1741,11 +1742,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1749,11 +1750,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int ret;
unsigned int fault_flags = 0;
@@ -69485,7 +70669,7 @@ index fa2f04e..a8a40c8 100644
if (foll_flags & FOLL_WRITE)
fault_flags |= FAULT_FLAG_WRITE;
if (nonblocking)
-@@ -1819,7 +1815,7 @@ next_page:
+@@ -1827,7 +1823,7 @@ next_page:
start += PAGE_SIZE;
nr_pages--;
} while (nr_pages && start < vma->vm_end);
@@ -69494,7 +70678,7 @@ index fa2f04e..a8a40c8 100644
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -2026,6 +2022,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2034,6 +2030,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
@@ -69505,7 +70689,7 @@ index fa2f04e..a8a40c8 100644
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2060,10 +2060,22 @@ out:
+@@ -2068,10 +2068,22 @@ out:
int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
struct page *page)
{
@@ -69528,7 +70712,7 @@ index fa2f04e..a8a40c8 100644
vma->vm_flags |= VM_INSERTPAGE;
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2149,6 +2161,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2157,6 +2169,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -69536,7 +70720,7 @@ index fa2f04e..a8a40c8 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2464,6 +2477,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2472,6 +2485,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
@@ -69723,7 +70907,7 @@ index fa2f04e..a8a40c8 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2675,6 +2868,12 @@ gotten:
+@@ -2683,6 +2876,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -69736,7 +70920,7 @@ index fa2f04e..a8a40c8 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2726,6 +2925,10 @@ gotten:
+@@ -2734,6 +2933,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -69747,7 +70931,7 @@ index fa2f04e..a8a40c8 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -3005,6 +3208,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3013,6 +3216,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -69759,7 +70943,7 @@ index fa2f04e..a8a40c8 100644
unlock_page(page);
if (swapcache) {
/*
-@@ -3028,6 +3236,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3036,6 +3244,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -69771,7 +70955,7 @@ index fa2f04e..a8a40c8 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -3047,40 +3260,6 @@ out_release:
+@@ -3055,40 +3268,6 @@ out_release:
}
/*
@@ -69812,7 +70996,7 @@ index fa2f04e..a8a40c8 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3089,27 +3268,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3097,27 +3276,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -69845,7 +71029,7 @@ index fa2f04e..a8a40c8 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3128,6 +3303,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3136,6 +3311,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -69857,7 +71041,7 @@ index fa2f04e..a8a40c8 100644
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -3135,6 +3315,12 @@ setpte:
+@@ -3143,6 +3323,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -69870,7 +71054,7 @@ index fa2f04e..a8a40c8 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -3278,6 +3464,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3286,6 +3472,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -69883,7 +71067,7 @@ index fa2f04e..a8a40c8 100644
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -3297,6 +3489,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3305,6 +3497,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, page_table);
@@ -69898,7 +71082,7 @@ index fa2f04e..a8a40c8 100644
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3450,6 +3650,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3458,6 +3658,12 @@ int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -69911,7 +71095,7 @@ index fa2f04e..a8a40c8 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3466,6 +3672,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3474,6 +3680,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -69922,7 +71106,7 @@ index fa2f04e..a8a40c8 100644
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3477,6 +3687,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3485,6 +3695,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -69957,7 +71141,7 @@ index fa2f04e..a8a40c8 100644
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3506,7 +3744,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3514,7 +3752,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
* run pte_offset_map on the pmd, if an huge pmd could
* materialize from under us from a different thread.
*/
@@ -69966,7 +71150,7 @@ index fa2f04e..a8a40c8 100644
return VM_FAULT_OOM;
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
-@@ -3610,7 +3848,7 @@ static int __init gate_vma_init(void)
+@@ -3618,7 +3856,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -69976,7 +71160,7 @@ index fa2f04e..a8a40c8 100644
* Make sure the vDSO gets into every core dump.
* Dumping its contents makes post-mortem fully interpretable later
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 47296fe..5c3d263 100644
+index 0a37570..2048346 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -640,6 +640,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -70157,7 +71341,7 @@ index ef726e8..13e0901 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index da15a79..2e3d9ff 100644
+index da15a79..314aef3 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -46,6 +46,16 @@
@@ -71386,16 +72570,20 @@ index da15a79..2e3d9ff 100644
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2392,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
- unsigned long lim;
+@@ -2393,6 +2883,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
--
+
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ cur -= mm->brk_gap;
++#endif
++
+ gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1);
if (cur + npages > lim)
return 0;
return 1;
-@@ -2463,6 +2953,22 @@ int install_special_mapping(struct mm_struct *mm,
+@@ -2463,6 +2959,22 @@ int install_special_mapping(struct mm_struct *mm,
vma->vm_start = addr;
vma->vm_end = addr + len;
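Review bot: `cur -= mm->brk_gap;` in may_expand_vm() is unguarded, and the adjusted value then feeds both `gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1)` and the `cur + npages > lim` comparison. The declaration of cur is outside the hunk; `lim` is `unsigned long` in the context lines and cur presumably is too, in which case a brk_gap larger than the starting count would wrap instead of going negative and the RLIMIT_AS decision would be made on the wrapped value. Either state the invariant next to the subtraction (`/* brk_gap is always part of the count in cur */`) or make it explicit with `if (cur >= mm->brk_gap) cur -= mm->brk_gap;`.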
@@ -72570,7 +73758,7 @@ index 8105be4..e045f96 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 4907563..e3d7905 100644
+index 0342a5d..8180ae9 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -208,7 +208,7 @@ struct track {
@@ -72736,7 +73924,7 @@ index 4907563..e3d7905 100644
goto err;
}
up_write(&slub_lock);
-@@ -4041,7 +4086,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
+@@ -4042,7 +4087,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
}
#endif
@@ -72745,7 +73933,7 @@ index 4907563..e3d7905 100644
static int count_inuse(struct page *page)
{
return page->inuse;
-@@ -4428,12 +4473,12 @@ static void resiliency_test(void)
+@@ -4429,12 +4474,12 @@ static void resiliency_test(void)
validate_slab_cache(kmalloc_caches[9]);
}
#else
@@ -72760,7 +73948,7 @@ index 4907563..e3d7905 100644
enum slab_stat_type {
SL_ALL, /* All slabs */
SL_PARTIAL, /* Only partially allocated slabs */
-@@ -4676,7 +4721,7 @@ SLAB_ATTR_RO(ctor);
+@@ -4677,7 +4722,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
{
@@ -72769,7 +73957,7 @@ index 4907563..e3d7905 100644
}
SLAB_ATTR_RO(aliases);
-@@ -5243,6 +5288,7 @@ static char *create_unique_id(struct kmem_cache *s)
+@@ -5244,6 +5289,7 @@ static char *create_unique_id(struct kmem_cache *s)
return name;
}
@@ -72777,7 +73965,7 @@ index 4907563..e3d7905 100644
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
-@@ -5305,6 +5351,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
+@@ -5306,6 +5352,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
}
@@ -72785,7 +73973,7 @@ index 4907563..e3d7905 100644
/*
* Need to buffer aliases during bootup until sysfs becomes
-@@ -5318,6 +5365,7 @@ struct saved_alias {
+@@ -5319,6 +5366,7 @@ struct saved_alias {
static struct saved_alias *alias_list;
@@ -72793,7 +73981,7 @@ index 4907563..e3d7905 100644
static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
{
struct saved_alias *al;
-@@ -5340,6 +5388,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+@@ -5341,6 +5389,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
alias_list = al;
return 0;
}
@@ -72823,7 +74011,7 @@ index 14380e9..e244704 100644
}
diff --git a/mm/swapfile.c b/mm/swapfile.c
-index d999f09..e00270a 100644
+index f31b29d..8bdcae2 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -61,7 +61,7 @@ static DEFINE_MUTEX(swapon_mutex);
@@ -72835,7 +74023,7 @@ index d999f09..e00270a 100644
static inline unsigned char swap_count(unsigned char ent)
{
-@@ -1671,7 +1671,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
+@@ -1669,7 +1669,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
}
filp_close(swap_file, NULL);
err = 0;
@@ -72844,7 +74032,7 @@ index d999f09..e00270a 100644
wake_up_interruptible(&proc_poll_wait);
out_dput:
-@@ -1687,8 +1687,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
+@@ -1685,8 +1685,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
poll_wait(file, &proc_poll_wait, wait);
@@ -72855,7 +74043,7 @@ index d999f09..e00270a 100644
return POLLIN | POLLRDNORM | POLLERR | POLLPRI;
}
-@@ -1786,7 +1786,7 @@ static int swaps_open(struct inode *inode, struct file *file)
+@@ -1784,7 +1784,7 @@ static int swaps_open(struct inode *inode, struct file *file)
return ret;
seq = file->private_data;
@@ -72864,7 +74052,7 @@ index d999f09..e00270a 100644
return 0;
}
-@@ -2124,7 +2124,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
+@@ -2122,7 +2122,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
(p->flags & SWP_DISCARDABLE) ? "D" : "");
mutex_unlock(&swapon_mutex);
@@ -72874,26 +74062,10 @@ index d999f09..e00270a 100644
if (S_ISREG(inode->i_mode))
diff --git a/mm/util.c b/mm/util.c
-index 136ac4f..5117eef 100644
+index 136ac4f..f917fa9 100644
--- a/mm/util.c
+++ b/mm/util.c
-@@ -114,6 +114,7 @@ EXPORT_SYMBOL(memdup_user);
- * allocated buffer. Use this if you don't want to free the buffer immediately
- * like, for example, with RCU.
- */
-+#undef __krealloc
- void *__krealloc(const void *p, size_t new_size, gfp_t flags)
- {
- void *ret;
-@@ -147,6 +148,7 @@ EXPORT_SYMBOL(__krealloc);
- * behaves exactly like kmalloc(). If @size is 0 and @p is not a
- * %NULL pointer, the object pointed to is freed.
- */
-+#undef krealloc
- void *krealloc(const void *p, size_t new_size, gfp_t flags)
- {
- void *ret;
-@@ -243,6 +245,12 @@ void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -243,6 +243,12 @@ void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma,
void arch_pick_mmap_layout(struct mm_struct *mm)
{
mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -72907,7 +74079,7 @@ index 136ac4f..5117eef 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 86ce9a5..0fa4d89 100644
+index 86ce9a5..bc498f3 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -73056,60 +74228,11 @@ index 86ce9a5..0fa4d89 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1704,6 +1766,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align,
- gfp_mask, prot, node, caller);
- }
-
-+#undef __vmalloc
- void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
- {
- return __vmalloc_node(size, 1, gfp_mask, prot, -1,
-@@ -1727,6 +1790,7 @@ static inline void *__vmalloc_node_flags(unsigned long size,
- * For tight control over page level allocator and protection flags
- * use __vmalloc() instead.
- */
-+#undef vmalloc
- void *vmalloc(unsigned long size)
- {
- return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM);
-@@ -1743,6 +1807,7 @@ EXPORT_SYMBOL(vmalloc);
- * For tight control over page level allocator and protection flags
- * use __vmalloc() instead.
- */
-+#undef vzalloc
- void *vzalloc(unsigned long size)
- {
- return __vmalloc_node_flags(size, -1,
-@@ -1757,6 +1822,7 @@ EXPORT_SYMBOL(vzalloc);
- * The resulting memory area is zeroed so it can be mapped to userspace
- * without leaking data.
- */
-+#undef vmalloc_user
- void *vmalloc_user(unsigned long size)
- {
- struct vm_struct *area;
-@@ -1784,6 +1850,7 @@ EXPORT_SYMBOL(vmalloc_user);
- * For tight control over page level allocator and protection flags
- * use __vmalloc() instead.
- */
-+#undef vmalloc_node
- void *vmalloc_node(unsigned long size, int node)
- {
- return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
-@@ -1803,6 +1870,7 @@ EXPORT_SYMBOL(vmalloc_node);
- * For tight control over page level allocator and protection flags
- * use __vmalloc_node() instead.
- */
-+#undef vzalloc_node
- void *vzalloc_node(unsigned long size, int node)
- {
- return __vmalloc_node_flags(size, node,
-@@ -1825,10 +1893,10 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1825,10 +1887,9 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
-
-+#undef vmalloc_exec
void *vmalloc_exec(unsigned long size)
{
- return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
@@ -73117,23 +74240,7 @@ index 86ce9a5..0fa4d89 100644
-1, __builtin_return_address(0));
}
-@@ -1847,6 +1915,7 @@ void *vmalloc_exec(unsigned long size)
- * Allocate enough 32bit PA addressable pages to cover @size from the
- * page level allocator and map them into contiguous kernel virtual space.
- */
-+#undef vmalloc_32
- void *vmalloc_32(unsigned long size)
- {
- return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
-@@ -1861,6 +1930,7 @@ EXPORT_SYMBOL(vmalloc_32);
- * The resulting memory area is 32bit addressable and zeroed so it can be
- * mapped to userspace without leaking data.
- */
-+#undef vmalloc_32_user
- void *vmalloc_32_user(unsigned long size)
- {
- struct vm_struct *area;
-@@ -2123,6 +2193,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2123,6 +2184,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -73478,6 +74585,18 @@ index 32d338c..d24bcdb 100644
goto done;
}
}
+diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
+index 5449294..7da9a5f 100644
+--- a/net/bridge/netfilter/ebt_ulog.c
++++ b/net/bridge/netfilter/ebt_ulog.c
+@@ -96,6 +96,7 @@ static void ulog_timer(unsigned long data)
+ spin_unlock_bh(&ulog_buffers[data].lock);
+ }
+
++static struct sk_buff *ulog_alloc_skb(unsigned int size) __size_overflow(1);
+ static struct sk_buff *ulog_alloc_skb(unsigned int size)
+ {
+ struct sk_buff *skb;
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 5fe2ff3..10968b5 100644
--- a/net/bridge/netfilter/ebtables.c
@@ -73825,7 +74944,7 @@ index 68bbf9f..5ef0d12 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 6ca32f6..c7e9bbd 100644
+index a4bf943..9c83051 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1138,10 +1138,14 @@ void dev_load(struct net *net, const char *name)
@@ -73897,7 +75016,7 @@ index 6ca32f6..c7e9bbd 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -3832,7 +3836,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -3833,7 +3837,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -73906,7 +75025,7 @@ index 6ca32f6..c7e9bbd 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -5889,7 +5893,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5890,7 +5894,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -73978,7 +75097,7 @@ index c40f27e..7f49254 100644
m->msg_iov = iov;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index f965dce..92c792a 100644
+index 5c30296..ebe7b61 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -57,7 +57,7 @@ struct rtnl_link {
@@ -74030,6 +75149,28 @@ index ff52ad0..aff1c0f 100644
i++, cmfptr++)
{
int new_fd;
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c
+index da0c97f..8253632 100644
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -3160,6 +3160,8 @@ static void sock_rmem_free(struct sk_buff *skb)
+ */
+ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
+ {
++ int len = skb->len;
++
+ if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
+ (unsigned)sk->sk_rcvbuf)
+ return -ENOMEM;
+@@ -3174,7 +3176,7 @@ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
+
+ skb_queue_tail(&sk->sk_error_queue, skb);
+ if (!sock_flag(sk, SOCK_DEAD))
+- sk->sk_data_ready(sk, skb->len);
++ sk->sk_data_ready(sk, len);
+ return 0;
+ }
+ EXPORT_SYMBOL(sock_queue_err_skb);
diff --git a/net/core/sock.c b/net/core/sock.c
index 02f8dfe..86dfd4a 100644
--- a/net/core/sock.c
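Review bot: The new `int len = skb->len;` at the top of sock_queue_err_skb() carries no comment saying why the length is read up front, so a later cleanup could easily fold it back into `sk->sk_data_ready(sk, skb->len)`. After `skb_queue_tail(&sk->sk_error_queue, skb)` the buffer is reachable by whoever drains the error queue, so it should not be dereferenced again in this function. I would add `/* read before queueing: skb may be consumed and freed once it is on sk_error_queue */` above the declaration. The lines between the two inner hunks are not shown, so whether anything else touches skb after the queueing cannot be confirmed from here.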
@@ -74182,6 +75323,19 @@ index 39a2d29..f39c0fe 100644
---help---
Econet is a fairly old and slow networking protocol mainly used by
Acorn computers to access file and print servers. It uses native
+diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
+index 36d1440..44ff28b 100644
+--- a/net/ipv4/ah4.c
++++ b/net/ipv4/ah4.c
+@@ -19,6 +19,8 @@ struct ah_skb_cb {
+ #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0]))
+
+ static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
++ unsigned int size) __size_overflow(3);
++static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
+ unsigned int size)
+ {
+ unsigned int len;
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 92fc5f6..b790d91 100644
--- a/net/ipv4/fib_frontend.c
@@ -74334,19 +75488,104 @@ index 6e412a6..6640538 100644
set_fs(oldfs);
return res;
}
-diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
-index 2133c30..5c4b40b 100644
---- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
-+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
-@@ -399,7 +399,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
+diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
+index fd7a3f6..a1b1013 100644
+--- a/net/ipv4/netfilter/arp_tables.c
++++ b/net/ipv4/netfilter/arp_tables.c
+@@ -757,6 +757,9 @@ static struct xt_counters *alloc_counters(const struct xt_table *table)
+
+ static int copy_entries_to_user(unsigned int total_size,
+ const struct xt_table *table,
++ void __user *userptr) __size_overflow(1);
++static int copy_entries_to_user(unsigned int total_size,
++ const struct xt_table *table,
+ void __user *userptr)
+ {
+ unsigned int off, num;
+@@ -984,6 +987,11 @@ static int __do_replace(struct net *net, const char *name,
+ unsigned int valid_hooks,
+ struct xt_table_info *newinfo,
+ unsigned int num_counters,
++ void __user *counters_ptr) __size_overflow(5);
++static int __do_replace(struct net *net, const char *name,
++ unsigned int valid_hooks,
++ struct xt_table_info *newinfo,
++ unsigned int num_counters,
+ void __user *counters_ptr)
+ {
+ int ret;
+@@ -1104,6 +1112,8 @@ static int do_replace(struct net *net, const void __user *user,
+ }
- *len = 0;
+ static int do_add_counters(struct net *net, const void __user *user,
++ unsigned int len, int compat) __size_overflow(3);
++static int do_add_counters(struct net *net, const void __user *user,
+ unsigned int len, int compat)
+ {
+ unsigned int i, curcpu;
+diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
+index 24e556e..b073356 100644
+--- a/net/ipv4/netfilter/ip_tables.c
++++ b/net/ipv4/netfilter/ip_tables.c
+@@ -923,6 +923,10 @@ static struct xt_counters *alloc_counters(const struct xt_table *table)
+ static int
+ copy_entries_to_user(unsigned int total_size,
+ const struct xt_table *table,
++ void __user *userptr) __size_overflow(1);
++static int
++copy_entries_to_user(unsigned int total_size,
++ const struct xt_table *table,
+ void __user *userptr)
+ {
+ unsigned int off, num;
+@@ -1172,6 +1176,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr,
+ static int
+ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
+ struct xt_table_info *newinfo, unsigned int num_counters,
++ void __user *counters_ptr) __size_overflow(5);
++static int
++__do_replace(struct net *net, const char *name, unsigned int valid_hooks,
++ struct xt_table_info *newinfo, unsigned int num_counters,
+ void __user *counters_ptr)
+ {
+ int ret;
+@@ -1293,6 +1301,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
-- *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
-+ *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC);
- if (*octets == NULL)
- return 0;
+ static int
+ do_add_counters(struct net *net, const void __user *user,
++ unsigned int len, int compat) __size_overflow(3);
++static int
++do_add_counters(struct net *net, const void __user *user,
+ unsigned int len, int compat)
+ {
+ unsigned int i, curcpu;
+diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
+index ba5756d..8d34d74 100644
+--- a/net/ipv4/netfilter/ipt_ULOG.c
++++ b/net/ipv4/netfilter/ipt_ULOG.c
+@@ -125,6 +125,7 @@ static void ulog_timer(unsigned long data)
+ spin_unlock_bh(&ulog_lock);
+ }
++static struct sk_buff *ulog_alloc_skb(unsigned int size) __size_overflow(1);
+ static struct sk_buff *ulog_alloc_skb(unsigned int size)
+ {
+ struct sk_buff *skb;
+diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
+index 2133c30..0e8047e 100644
+--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
++++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
+@@ -435,6 +435,10 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
+ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
+ unsigned char *eoc,
+ unsigned long **oid,
++ unsigned int *len) __size_overflow(2);
++static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
++ unsigned char *eoc,
++ unsigned long **oid,
+ unsigned int *len)
+ {
+ unsigned long subid;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index b072386..abdebcf 100644
--- a/net/ipv4/ping.c
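Review bot: The annotation added for asn1_oid_decode() is `__size_overflow(2)`, and parameter 2 there is `unsigned char *eoc`, a pointer. Every other annotation in this hunk names an integer count (`total_size`, `num_counters`, `len`). The function body is outside the hunk, so it is not visible whether the allocation size is derived from eoc, as the `kmalloc(eoc - ctx->pointer, GFP_ATOMIC)` line removed from asn1_octets_decode suggests for this file. If that is the intent, a one-line comment on the added prototype would record it, e.g. `/* size is computed from eoc - ctx->pointer */`. If a count was meant, the index needs correcting, since these indices are positional and nothing ties them to the parameter names.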
@@ -74748,6 +75987,19 @@ index 6b8ebc5..1d624f4 100644
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
+diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
+index 2ae79db..8f101bf 100644
+--- a/net/ipv6/ah6.c
++++ b/net/ipv6/ah6.c
+@@ -56,6 +56,8 @@ struct ah_skb_cb {
+ #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0]))
+
+ static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
++ unsigned int size) __size_overflow(3);
++static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
+ unsigned int size)
+ {
+ unsigned int len;
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 02dd203..e03fcc9 100644
--- a/net/ipv6/inet6_connection_sock.c
@@ -74783,6 +76035,42 @@ index 18a2719..779f36a 100644
msg.msg_controllen = len;
msg.msg_flags = flags;
+diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
+index 94874b0..108a94d 100644
+--- a/net/ipv6/netfilter/ip6_tables.c
++++ b/net/ipv6/netfilter/ip6_tables.c
+@@ -945,6 +945,10 @@ static struct xt_counters *alloc_counters(const struct xt_table *table)
+ static int
+ copy_entries_to_user(unsigned int total_size,
+ const struct xt_table *table,
++ void __user *userptr) __size_overflow(1);
++static int
++copy_entries_to_user(unsigned int total_size,
++ const struct xt_table *table,
+ void __user *userptr)
+ {
+ unsigned int off, num;
+@@ -1194,6 +1198,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr,
+ static int
+ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
+ struct xt_table_info *newinfo, unsigned int num_counters,
++ void __user *counters_ptr) __size_overflow(5);
++static int
++__do_replace(struct net *net, const char *name, unsigned int valid_hooks,
++ struct xt_table_info *newinfo, unsigned int num_counters,
+ void __user *counters_ptr)
+ {
+ int ret;
+@@ -1315,6 +1323,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
+
+ static int
+ do_add_counters(struct net *net, const void __user *user, unsigned int len,
++ int compat) __size_overflow(3);
++static int
++do_add_counters(struct net *net, const void __user *user, unsigned int len,
+ int compat)
+ {
+ unsigned int i, curcpu;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index d02f7e4..2d2a0f1 100644
--- a/net/ipv6/raw.c
@@ -75659,7 +76947,7 @@ index 4fe4fb4..87a89e5 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 629b061..21cd04c 100644
+index 629b061..8f415cc 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk)
@@ -75671,7 +76959,64 @@ index 629b061..21cd04c 100644
}
static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
-@@ -1995,7 +1995,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -829,12 +829,19 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb,
+ return 0;
+ }
+
+-int netlink_sendskb(struct sock *sk, struct sk_buff *skb)
++static int __netlink_sendskb(struct sock *sk, struct sk_buff *skb)
+ {
+ int len = skb->len;
+
+ skb_queue_tail(&sk->sk_receive_queue, skb);
+ sk->sk_data_ready(sk, len);
++ return len;
++}
++
++int netlink_sendskb(struct sock *sk, struct sk_buff *skb)
++{
++ int len = __netlink_sendskb(sk, skb);
++
+ sock_put(sk);
+ return len;
+ }
+@@ -957,8 +964,7 @@ static int netlink_broadcast_deliver(struct sock *sk, struct sk_buff *skb)
+ if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf &&
+ !test_bit(0, &nlk->state)) {
+ skb_set_owner_r(skb, sk);
+- skb_queue_tail(&sk->sk_receive_queue, skb);
+- sk->sk_data_ready(sk, skb->len);
++ __netlink_sendskb(sk, skb);
+ return atomic_read(&sk->sk_rmem_alloc) > (sk->sk_rcvbuf >> 1);
+ }
+ return -1;
+@@ -1680,10 +1686,8 @@ static int netlink_dump(struct sock *sk)
+
+ if (sk_filter(sk, skb))
+ kfree_skb(skb);
+- else {
+- skb_queue_tail(&sk->sk_receive_queue, skb);
+- sk->sk_data_ready(sk, skb->len);
+- }
++ else
++ __netlink_sendskb(sk, skb);
+ return 0;
+ }
+
+@@ -1697,10 +1701,8 @@ static int netlink_dump(struct sock *sk)
+
+ if (sk_filter(sk, skb))
+ kfree_skb(skb);
+- else {
+- skb_queue_tail(&sk->sk_receive_queue, skb);
+- sk->sk_data_ready(sk, skb->len);
+- }
++ else
++ __netlink_sendskb(sk, skb);
+
+ if (cb->done)
+ cb->done(cb);
+@@ -1995,7 +1997,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb,
atomic_read(&s->sk_refcnt),
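Review bot: `__netlink_sendskb()` carries no comment saying why `skb->len` is copied into `len` before `skb_queue_tail()`, and that ordering is the reason the helper exists. The call sites it replaces in `netlink_broadcast_deliver()` and `netlink_dump()` read `skb->len` after the skb was already on `sk_receive_queue`. Presumably a receiver can dequeue and free the skb once it is queued, so a later cleanup that folds the helper back into `sk->sk_data_ready(sk, skb->len)` would reintroduce a read of freed memory. I would add `/* read skb->len first: the skb must not be touched after skb_queue_tail() */` above `int len = skb->len;` in the inner net/netlink/af_netlink.c hunk at -829.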
@@ -76516,7 +77861,7 @@ index 28a96af..61a7a06 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
-index 3341d89..c662621 100644
+index 8efd96c..b492ab2 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -239,9 +239,9 @@ static int rpc_wait_bit_killable(void *word)
@@ -77164,10 +78509,10 @@ index b89efe6..2c30808 100644
sprintf(alias, "dmi*");
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 9adb667..c6ac044 100644
+index c4e7d15..4241aef 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
-@@ -919,6 +919,7 @@ enum mismatch {
+@@ -922,6 +922,7 @@ enum mismatch {
ANY_INIT_TO_ANY_EXIT,
ANY_EXIT_TO_ANY_INIT,
EXPORT_TO_INIT_EXIT,
@@ -77175,7 +78520,7 @@ index 9adb667..c6ac044 100644
};
struct sectioncheck {
-@@ -1027,6 +1028,12 @@ const struct sectioncheck sectioncheck[] = {
+@@ -1030,6 +1031,12 @@ const struct sectioncheck sectioncheck[] = {
.tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
.mismatch = EXPORT_TO_INIT_EXIT,
.symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL },
@@ -77188,7 +78533,7 @@ index 9adb667..c6ac044 100644
}
};
-@@ -1149,10 +1156,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
+@@ -1152,10 +1159,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
continue;
if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
continue;
@@ -77201,7 +78546,7 @@ index 9adb667..c6ac044 100644
if (d < 0)
d = addr - sym->st_value;
if (d < distance) {
-@@ -1431,6 +1438,14 @@ static void report_sec_mismatch(const char *modname,
+@@ -1434,6 +1441,14 @@ static void report_sec_mismatch(const char *modname,
tosym, prl_to, prl_to, tosym);
free(prl_to);
break;
@@ -77216,7 +78561,7 @@ index 9adb667..c6ac044 100644
}
fprintf(stderr, "\n");
}
-@@ -1665,7 +1680,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
+@@ -1668,7 +1683,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
static void check_sec_ref(struct module *mod, const char *modname,
struct elf_info *elf)
{
@@ -77225,7 +78570,7 @@ index 9adb667..c6ac044 100644
Elf_Shdr *sechdrs = elf->sechdrs;
/* Walk through all sections */
-@@ -1763,7 +1778,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
+@@ -1766,7 +1781,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
va_end(ap);
}
@@ -77234,7 +78579,7 @@ index 9adb667..c6ac044 100644
{
if (buf->size - buf->pos < len) {
buf->size += len + SZ;
-@@ -1981,7 +1996,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
+@@ -1984,7 +1999,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
if (fstat(fileno(file), &st) < 0)
goto close_write;
@@ -77244,7 +78589,7 @@ index 9adb667..c6ac044 100644
tmp = NOFAIL(malloc(b->pos));
diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h
-index 2031119..b5433af 100644
+index 51207e4..f7d603d 100644
--- a/scripts/mod/modpost.h
+++ b/scripts/mod/modpost.h
@@ -92,15 +92,15 @@ void *do_nofail(void *ptr, const char *expr);
@@ -77309,11 +78654,24 @@ index 5c11312..72742b5 100644
logoname);
write_hex_cnt = 0;
for (i = 0; i < logo_clutsize; i++) {
+diff --git a/scripts/tags.sh b/scripts/tags.sh
+index 833813a..0bc8588 100755
+--- a/scripts/tags.sh
++++ b/scripts/tags.sh
+@@ -116,7 +116,7 @@ docscope()
+
+ dogtags()
+ {
+- all_sources | gtags -f -
++ all_sources | gtags -i -f -
+ }
+
+ exuberant()
diff --git a/security/Kconfig b/security/Kconfig
-index 51bd5a0..3a4ebd0 100644
+index 51bd5a0..c37f5e6 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,627 @@
+@@ -4,6 +4,640 @@
menu "Security options"
@@ -77405,7 +78763,6 @@ index 51bd5a0..3a4ebd0 100644
+
+config PAX_XATTR_PAX_FLAGS
+ bool 'Use filesystem extended attributes marking'
-+ depends on EXPERT
+ select CIFS_XATTR if CIFS
+ select EXT2_FS_XATTR if EXT2_FS
+ select EXT3_FS_XATTR if EXT3_FS
@@ -77934,6 +79291,20 @@ index 51bd5a0..3a4ebd0 100644
+ Since this has a negligible performance impact, you should enable
+ this feature.
+
++config PAX_SIZE_OVERFLOW
++ bool "Prevent various integer overflows in function size parameters"
++ depends on X86
++ help
++ By saying Y here the kernel recomputes expressions of function
++ arguments marked by a size_overflow attribute with double integer
++ precision (DImode/TImode for 32/64 bit integer types).
++
++ The recomputed argument is checked against INT_MAX and an event
++ is logged on overflow and the triggering process is killed.
++
++ Homepage:
++ http://www.grsecurity.net/~ephox/overflow_plugin/
++
+endmenu
+
+endmenu
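Review bot: The help text for `PAX_SIZE_OVERFLOW` does not say that the check is inserted by a compiler plugin, although the tools/gcc/Makefile hunk builds `size_overflow_plugin.so` only when this option is set, so someone enabling it gets no hint that the toolchain matters. It also says the triggering process is killed without telling an administrator how to recognise such a kill in the logs. I would add a line such as `This feature is implemented by a GCC plugin (tools/gcc/size_overflow_plugin.so).` plus one sentence describing the logged event. The wording of that sentence has to come from the runtime report code, which is not visible in this hunk.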
@@ -77941,7 +79312,7 @@ index 51bd5a0..3a4ebd0 100644
config KEYS
bool "Enable access key retention support"
help
-@@ -169,7 +790,7 @@ config INTEL_TXT
+@@ -169,7 +803,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -78795,10 +80166,10 @@ index da5fa1a..113cd02 100644
};
diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
new file mode 100644
-index 0000000..894c8bf
+index 0000000..ca64170
--- /dev/null
+++ b/tools/gcc/Makefile
-@@ -0,0 +1,23 @@
+@@ -0,0 +1,26 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -78806,6 +80177,7 @@ index 0000000..894c8bf
+#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99
+
+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb
++CFLAGS_size_overflow_plugin.o := -Wno-missing-initializer
+
+hostlibs-y := constify_plugin.so
+hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
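Review bot: `CFLAGS_size_overflow_plugin.o := -Wno-missing-initializer` probably has no effect. The plugins here are host libraries (`hostlibs-y`, flags added through `HOST_EXTRACFLAGS`), and as far as I can tell kbuild takes per-object flags for host objects from `HOSTCFLAGS_<object>.o`, not `CFLAGS_<object>.o`. The GCC warning is also spelled `-Wmissing-field-initializers`, and GCC stays silent about an unknown `-Wno-…` option unless another diagnostic is printed, so the misspelling would go unnoticed. If the intent is to quiet that warning for the plugin, I would expect `HOSTCFLAGS_size_overflow_plugin.o := -Wno-missing-field-initializers`; worth confirming against the warnings the plugin build actually emits.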
@@ -78813,6 +80185,7 @@ index 0000000..894c8bf
+hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
+hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
+hostlibs-y += colorize_plugin.so
++hostlibs-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so
+
+always := $(hostlibs-y)
+
@@ -78822,6 +80195,7 @@ index 0000000..894c8bf
+kernexec_plugin-objs := kernexec_plugin.o
+checker_plugin-objs := checker_plugin.o
+colorize_plugin-objs := colorize_plugin.o
++size_overflow_plugin-objs := size_overflow_plugin.o
diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
new file mode 100644
index 0000000..d41b5af
@@ -79636,7 +81010,7 @@ index 0000000..a5eabce
+}
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
new file mode 100644
-index 0000000..008f159
+index 0000000..d8a8da2
--- /dev/null
+++ b/tools/gcc/kernexec_plugin.c
@@ -0,0 +1,427 @@
@@ -79846,7 +81220,7 @@ index 0000000..008f159
+ update_stmt(assign_intptr);
+
+ // cast temporary unsigned long back to a temporary fptr variable
-+ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec");
++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr");
+ add_referenced_var(new_fptr);
+ mark_sym_for_renaming(new_fptr);
+ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr));
@@ -80067,6 +81441,4216 @@ index 0000000..008f159
+
+ return 0;
+}
+diff --git a/tools/gcc/size_overflow_hash1.h b/tools/gcc/size_overflow_hash1.h
+new file mode 100644
+index 0000000..16ccac1
+--- /dev/null
++++ b/tools/gcc/size_overflow_hash1.h
+@@ -0,0 +1,3047 @@
++struct size_overflow_hash size_overflow_hash1[65536] = {
++ [10013].file = "security/smack/smackfs.c",
++ [10013].name = "smk_write_direct",
++ [10013].param3 = 1,
++ [10167].file = "sound/core/oss/pcm_plugin.c",
++ [10167].name = "snd_pcm_plugin_build",
++ [10167].param5 = 1,
++ [1020].file = "drivers/usb/misc/usbtest.c",
++ [1020].name = "test_unaligned_bulk",
++ [1020].param3 = 1,
++ [1022].file = "sound/pci/rme9652/rme9652.c",
++ [1022].name = "snd_rme9652_playback_copy",
++ [1022].param5 = 1,
++ [10321].file = "drivers/platform/x86/thinkpad_acpi.c",
++ [10321].name = "create_attr_set",
++ [10321].param1 = 1,
++ [10341].file = "fs/nfsd/nfs4xdr.c",
++ [10341].name = "read_buf",
++ [10341].param2 = 1,
++ [10357].file = "net/sunrpc/cache.c",
++ [10357].name = "cache_read",
++ [10357].param3 = 1,
++ [10397].file = "drivers/gpu/drm/i915/i915_debugfs.c",
++ [10397].name = "i915_wedged_write",
++ [10397].param3 = 1,
++ [10399].file = "kernel/trace/trace.c",
++ [10399].name = "trace_seq_to_user",
++ [10399].param3 = 1,
++ [10414].file = "drivers/tty/vt/vt.c",
++ [10414].name = "vc_do_resize",
++ [10414].param3 = 1,
++ [10414].param4 = 1,
++ [10565].file = "drivers/input/touchscreen/ad7879-spi.c",
++ [10565].name = "ad7879_spi_multi_read",
++ [10565].param3 = 1,
++ [10623].file = "drivers/infiniband/core/user_mad.c",
++ [10623].name = "ib_umad_write",
++ [10623].param3 = 1,
++ [10707].file = "fs/nfs/idmap.c",
++ [10707].name = "nfs_idmap_request_key",
++ [10707].param2 = 1,
++ [1073].file = "drivers/block/aoe/aoecmd.c",
++ [1073].name = "addtgt",
++ [1073].param3 = 1,
++ [10745].file = "fs/cifs/connect.c",
++ [10745].name = "get_server_iovec",
++ [10745].param2 = 1,
++ [10750].file = "drivers/net/wireless/iwmc3200wifi/rx.c",
++ [10750].name = "iwm_ntf_calib_res",
++ [10750].param3 = 1,
++ [10773].file = "drivers/input/mousedev.c",
++ [10773].name = "mousedev_read",
++ [10773].param3 = 1,
++ [10777].file = "fs/ntfs/file.c",
++ [10777].name = "ntfs_file_buffered_write",
++ [10777].param6 = 1,
++ [10893].file = "drivers/misc/sgi-gru/gruprocfs.c",
++ [10893].name = "options_write",
++ [10893].param3 = 1,
++ [10919].file = "net/ipv4/netfilter/arp_tables.c",
++ [10919].name = "do_arpt_set_ctl",
++ [10919].param4 = 1,
++ [1107].file = "mm/process_vm_access.c",
++ [1107].name = "process_vm_rw_single_vec",
++ [1107].param1 = 1,
++ [1107].param2 = 1,
++ [11230].file = "net/core/neighbour.c",
++ [11230].name = "neigh_hash_grow",
++ [11230].param2 = 1,
++ [11364].file = "fs/ext4/super.c",
++ [11364].name = "ext4_kvzalloc",
++ [11364].param1 = 1,
++ [114].file = "security/selinux/selinuxfs.c",
++ [114].name = "sel_write_relabel",
++ [114].param3 = 1,
++ [11549].file = "drivers/media/rc/redrat3.c",
++ [11549].name = "redrat3_transmit_ir",
++ [11549].param3 = 1,
++ [11568].file = "drivers/gpu/drm/drm_scatter.c",
++ [11568].name = "drm_vmalloc_dma",
++ [11568].param1 = 1,
++ [11582].file = "drivers/scsi/lpfc/lpfc_sli.c",
++ [11582].name = "lpfc_sli4_queue_alloc",
++ [11582].param3 = 1,
++ [11616].file = "security/selinux/selinuxfs.c",
++ [11616].name = "sel_write_enforce",
++ [11616].param3 = 1,
++ [11699].file = "drivers/net/ethernet/neterion/vxge/vxge-config.h",
++ [11699].name = "vxge_os_dma_malloc",
++ [11699].param2 = 1,
++ [11766].file = "drivers/block/paride/pt.c",
++ [11766].name = "pt_read",
++ [11766].param3 = 1,
++ [11784].file = "fs/bio.c",
++ [11784].name = "bio_kmalloc",
++ [11784].param2 = 1,
++ [11919].file = "drivers/lguest/core.c",
++ [11919].name = "__lgread",
++ [11919].param4 = 1,
++ [11925].file = "drivers/media/video/cx18/cx18-fileops.c",
++ [11925].name = "cx18_copy_mdl_to_user",
++ [11925].param4 = 1,
++ [11985].file = "drivers/block/floppy.c",
++ [11985].name = "fd_copyin",
++ [11985].param3 = 1,
++ [11986].file = "drivers/net/usb/asix.c",
++ [11986].name = "asix_read_cmd",
++ [11986].param5 = 1,
++ [12018].file = "sound/core/oss/pcm_oss.c",
++ [12018].name = "snd_pcm_oss_read1",
++ [12018].param3 = 1,
++ [12059].file = "drivers/net/wireless/libertas/debugfs.c",
++ [12059].name = "lbs_debugfs_write",
++ [12059].param3 = 1,
++ [12151].file = "fs/compat.c",
++ [12151].name = "compat_rw_copy_check_uvector",
++ [12151].param3 = 1,
++ [12205].file = "fs/reiserfs/journal.c",
++ [12205].name = "reiserfs_allocate_list_bitmaps",
++ [12205].param3 = 1,
++ [12234].file = "include/acpi/platform/aclinux.h",
++ [12234].name = "acpi_os_allocate",
++ [12234].param1 = 1,
++ [1227].file = "lib/cpu_rmap.c",
++ [1227].name = "alloc_cpu_rmap",
++ [1227].param1 = 1,
++ [12395].file = "drivers/char/hw_random/core.c",
++ [12395].name = "rng_dev_read",
++ [12395].param3 = 1,
++ [12602].file = "net/sunrpc/cache.c",
++ [12602].name = "cache_downcall",
++ [12602].param3 = 1,
++ [12712].file = "drivers/net/wimax/i2400m/fw.c",
++ [12712].name = "i2400m_zrealloc_2x",
++ [12712].param3 = 1,
++ [12755].file = "sound/drivers/opl4/opl4_proc.c",
++ [12755].name = "snd_opl4_mem_proc_read",
++ [12755].param5 = 1,
++ [12833].file = "net/sctp/auth.c",
++ [12833].name = "sctp_auth_create_key",
++ [12833].param1 = 1,
++ [12840].file = "net/sctp/tsnmap.c",
++ [12840].name = "sctp_tsnmap_mark",
++ [12840].param2 = 1,
++ [12931].file = "drivers/hid/hid-roccat.c",
++ [12931].name = "roccat_read",
++ [12931].param3 = 1,
++ [12954].file = "fs/proc/base.c",
++ [12954].name = "oom_adjust_write",
++ [12954].param3 = 1,
++ [13103].file = "drivers/acpi/acpica/utobject.c",
++ [13103].name = "acpi_ut_create_string_object",
++ [13103].param1 = 1,
++ [13121].file = "net/ipv4/ip_sockglue.c",
++ [13121].name = "do_ip_setsockopt",
++ [13121].param5 = 1,
++ [1327].file = "net/netfilter/nfnetlink_log.c",
++ [1327].name = "nfulnl_alloc_skb",
++ [1327].param2 = 1,
++ [13337].file = "net/core/iovec.c",
++ [13337].name = "csum_partial_copy_fromiovecend",
++ [13337].param4 = 1,
++ [13339].file = "security/smack/smackfs.c",
++ [13339].name = "smk_write_netlbladdr",
++ [13339].param3 = 1,
++ [13342].file = "fs/jbd2/journal.c",
++ [13342].name = "jbd2_alloc",
++ [13342].param1 = 1,
++ [13384].file = "drivers/char/virtio_console.c",
++ [13384].name = "alloc_buf",
++ [13384].param1 = 1,
++ [13412].file = "fs/proc/base.c",
++ [13412].name = "oom_score_adj_write",
++ [13412].param3 = 1,
++ [13559].file = "drivers/media/video/ivtv/ivtv-fileops.c",
++ [13559].name = "ivtv_read",
++ [13559].param3 = 1,
++ [13618].file = "drivers/net/team/team.c",
++ [13618].name = "team_options_register",
++ [13618].param3 = 1,
++ [13659].file = "drivers/net/wan/hdlc.c",
++ [13659].name = "attach_hdlc_protocol",
++ [13659].param3 = 1,
++ [13708].file = "drivers/usb/misc/usbtest.c",
++ [13708].name = "simple_alloc_urb",
++ [13708].param3 = 1,
++ [13805].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [13805].name = "altera_swap_dr",
++ [13805].param2 = 1,
++ [13868].file = "fs/lockd/mon.c",
++ [13868].name = "nsm_create_handle",
++ [13868].param4 = 1,
++ [13924].file = "net/ipv4/netfilter/ip_tables.c",
++ [13924].name = "do_ipt_set_ctl",
++ [13924].param4 = 1,
++ [14019].file = "net/dns_resolver/dns_key.c",
++ [14019].name = "dns_resolver_instantiate",
++ [14019].param2 = 1,
++ [14019].param3 = 1,
++ [14025].file = "net/ax25/af_ax25.c",
++ [14025].name = "ax25_setsockopt",
++ [14025].param5 = 1,
++ [14029].file = "drivers/spi/spidev.c",
++ [14029].name = "spidev_compat_ioctl",
++ [14029].param2 = 1,
++ [14090].file = "drivers/bluetooth/btmrvl_debugfs.c",
++ [14090].name = "btmrvl_hsmode_write",
++ [14090].param3 = 1,
++ [14149].file = "drivers/hid/hidraw.c",
++ [14149].name = "hidraw_ioctl",
++ [14149].param2 = 1,
++ [14153].file = "drivers/staging/bcm/led_control.c",
++ [14153].name = "ValidateDSDParamsChecksum",
++ [14153].param3 = 1,
++ [14174].file = "sound/pci/es1938.c",
++ [14174].name = "snd_es1938_capture_copy",
++ [14174].param5 = 1,
++ [14207].file = "drivers/media/video/v4l2-event.c",
++ [14207].name = "v4l2_event_subscribe",
++ [14207].param3 = 1,
++ [14241].file = "drivers/platform/x86/asus_acpi.c",
++ [14241].name = "brn_proc_write",
++ [14241].param3 = 1,
++ [14345].file = "fs/cachefiles/daemon.c",
++ [14345].name = "cachefiles_daemon_write",
++ [14345].param3 = 1,
++ [14347].file = "drivers/media/dvb/dvb-core/dvb_ca_en50221.c",
++ [14347].name = "dvb_ca_en50221_io_write",
++ [14347].param3 = 1,
++ [14566].file = "drivers/pci/hotplug/ibmphp_ebda.c",
++ [14566].name = "alloc_ebda_hpc",
++ [14566].param1 = 1,
++ [14566].param2 = 1,
++ [1458].file = "drivers/misc/lkdtm.c",
++ [1458].name = "direct_entry",
++ [1458].param3 = 1,
++ [14646].file = "fs/compat.c",
++ [14646].name = "compat_writev",
++ [14646].param3 = 1,
++ [14684].file = "drivers/media/video/stk-webcam.c",
++ [14684].name = "stk_allocate_buffers",
++ [14684].param2 = 1,
++ [14736].file = "drivers/usb/misc/usbtest.c",
++ [14736].name = "unlink_queued",
++ [14736].param3 = 1,
++ [1482].file = "drivers/scsi/scsi_netlink.c",
++ [1482].name = "scsi_nl_send_vendor_msg",
++ [1482].param5 = 1,
++ [15017].file = "drivers/edac/edac_device.c",
++ [15017].name = "edac_device_alloc_ctl_info",
++ [15017].param1 = 1,
++ [15044].file = "drivers/uio/uio.c",
++ [15044].name = "uio_write",
++ [15044].param3 = 1,
++ [15087].file = "fs/bio.c",
++ [15087].name = "bio_map_kern",
++ [15087].param2 = 1,
++ [15087].param3 = 1,
++ [15112].file = "drivers/xen/evtchn.c",
++ [15112].name = "evtchn_write",
++ [15112].param3 = 1,
++ [15130].file = "net/bluetooth/hci_core.c",
++ [15130].name = "hci_send_cmd",
++ [15130].param3 = 1,
++ [15202].file = "net/bluetooth/rfcomm/tty.c",
++ [15202].name = "rfcomm_wmalloc",
++ [15202].param2 = 1,
++ [15274].file = "crypto/shash.c",
++ [15274].name = "crypto_shash_setkey",
++ [15274].param3 = 1,
++ [15354].file = "drivers/isdn/mISDN/socket.c",
++ [15354].name = "mISDN_sock_sendmsg",
++ [15354].param4 = 1,
++ [15361].file = "drivers/char/agp/generic.c",
++ [15361].name = "agp_allocate_memory",
++ [15361].param2 = 1,
++ [15497].file = "drivers/media/dvb/ddbridge/ddbridge-core.c",
++ [15497].name = "ts_read",
++ [15497].param3 = 1,
++ [15551].file = "net/ipv4/netfilter/ipt_CLUSTERIP.c",
++ [15551].name = "clusterip_proc_write",
++ [15551].param3 = 1,
++ [15701].file = "drivers/hid/hid-roccat-common.c",
++ [15701].name = "roccat_common_receive",
++ [15701].param4 = 1,
++ [1572].file = "net/ceph/pagevec.c",
++ [1572].name = "ceph_copy_page_vector_to_user",
++ [1572].param4 = 1,
++ [15814].file = "net/mac80211/debugfs_netdev.c",
++ [15814].name = "ieee80211_if_write",
++ [15814].param3 = 1,
++ [15883].file = "security/keys/keyctl.c",
++ [15883].name = "sys_add_key",
++ [15883].param4 = 1,
++ [15884].file = "fs/exofs/super.c",
++ [15884].name = "exofs_read_lookup_dev_table",
++ [15884].param3 = 1,
++ [16037].file = "drivers/staging/media/easycap/easycap_sound.c",
++ [16037].name = "easycap_alsa_vmalloc",
++ [16037].param2 = 1,
++ [16073].file = "net/sctp/socket.c",
++ [16073].name = "sctp_setsockopt",
++ [16073].param5 = 1,
++ [16132].file = "drivers/staging/vme/devices/vme_user.c",
++ [16132].name = "buffer_from_user",
++ [16132].param3 = 1,
++ [16138].file = "security/selinux/ss/services.c",
++ [16138].name = "security_context_to_sid_force",
++ [16138].param2 = 1,
++ [16166].file = "drivers/platform/x86/thinkpad_acpi.c",
++ [16166].name = "dispatch_proc_write",
++ [16166].param3 = 1,
++ [16229].file = "drivers/scsi/scsi_transport_iscsi.c",
++ [16229].name = "iscsi_offload_mesg",
++ [16229].param5 = 1,
++ [16353].file = "drivers/base/regmap/regmap.c",
++ [16353].name = "regmap_raw_write",
++ [16353].param4 = 1,
++ [16383].file = "fs/proc/base.c",
++ [16383].name = "comm_write",
++ [16383].param3 = 1,
++ [16396].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [16396].name = "altera_irscan",
++ [16396].param2 = 1,
++ [16447].file = "drivers/hid/usbhid/hiddev.c",
++ [16447].name = "hiddev_ioctl",
++ [16447].param2 = 1,
++ [16453].file = "include/linux/slab.h",
++ [16453].name = "kzalloc",
++ [16453].param1 = 1,
++ [16605].file = "fs/ecryptfs/miscdev.c",
++ [16605].name = "ecryptfs_send_miscdev",
++ [16605].param2 = 1,
++ [16606].file = "drivers/ide/ide-tape.c",
++ [16606].name = "idetape_chrdev_write",
++ [16606].param3 = 1,
++ [16637].file = "security/keys/encrypted-keys/encrypted.c",
++ [16637].name = "datablob_hmac_verify",
++ [16637].param4 = 1,
++ [16828].file = "net/batman-adv/hash.c",
++ [16828].name = "hash_new",
++ [16828].param1 = 1,
++ [16853].file = "drivers/net/ethernet/chelsio/cxgb4vf/sge.c",
++ [16853].name = "t4vf_pktgl_to_skb",
++ [16853].param2 = 1,
++ [16911].file = "drivers/media/dvb/ttpci/av7110_hw.c",
++ [16911].name = "LoadBitmap",
++ [16911].param2 = 1,
++ [169].file = "drivers/net/ethernet/amd/pcnet32.c",
++ [169].name = "pcnet32_realloc_rx_ring",
++ [169].param3 = 1,
++ [17075].file = "sound/isa/gus/gus_dram.c",
++ [17075].name = "snd_gus_dram_write",
++ [17075].param4 = 1,
++ [17133].file = "drivers/usb/misc/iowarrior.c",
++ [17133].name = "iowarrior_read",
++ [17133].param3 = 1,
++ [17185].file = "net/wireless/scan.c",
++ [17185].name = "cfg80211_inform_bss",
++ [17185].param8 = 1,
++ [17349].file = "net/tipc/link.c",
++ [17349].name = "tipc_link_send_sections_fast",
++ [17349].param4 = 1,
++ [17377].file = "drivers/usb/class/cdc-wdm.c",
++ [17377].name = "wdm_write",
++ [17377].param3 = 1,
++ [17459].file = "drivers/usb/misc/rio500.c",
++ [17459].name = "write_rio",
++ [17459].param3 = 1,
++ [17460].file = "fs/nfsd/nfscache.c",
++ [17460].name = "nfsd_cache_update",
++ [17460].param3 = 1,
++ [17492].file = "net/dccp/proto.c",
++ [17492].name = "do_dccp_setsockopt",
++ [17492].param5 = 1,
++ [1754].file = "sound/core/oss/pcm_oss.c",
++ [1754].name = "snd_pcm_oss_write",
++ [1754].param3 = 1,
++ [17604].file = "fs/proc/generic.c",
++ [17604].name = "__proc_file_read",
++ [17604].param3 = 1,
++ [17718].file = "net/caif/caif_socket.c",
++ [17718].name = "setsockopt",
++ [17718].param5 = 1,
++ [17828].file = "kernel/sched/core.c",
++ [17828].name = "sched_feat_write",
++ [17828].param3 = 1,
++ [17841].file = "drivers/misc/tifm_core.c",
++ [17841].name = "tifm_alloc_adapter",
++ [17841].param1 = 1,
++ [17946].file = "drivers/net/wireless/libertas/if_spi.c",
++ [17946].name = "if_spi_host_to_card",
++ [17946].param4 = 1,
++ [1800].file = "drivers/media/dvb/dvb-core/dmxdev.c",
++ [1800].name = "dvb_dvr_do_ioctl",
++ [1800].param3 = 1,
++ [18119].file = "drivers/misc/iwmc3200top/fw-download.c",
++ [18119].name = "iwmct_fw_parser_init",
++ [18119].param4 = 1,
++ [18140].file = "drivers/scsi/pm8001/pm8001_ctl.c",
++ [18140].name = "pm8001_store_update_fw",
++ [18140].param4 = 1,
++ [18191].file = "sound/pci/hda/patch_realtek.c",
++ [18191].name = "new_bind_ctl",
++ [18191].param2 = 1,
++ [18224].file = "drivers/xen/grant-table.c",
++ [18224].name = "gnttab_map",
++ [18224].param2 = 1,
++ [18232].file = "fs/nfs/write.c",
++ [18232].name = "nfs_writedata_alloc",
++ [18232].param1 = 1,
++ [18247].file = "drivers/char/agp/generic.c",
++ [18247].name = "agp_create_user_memory",
++ [18247].param1 = 1,
++ [18303].file = "fs/xattr.c",
++ [18303].name = "getxattr",
++ [18303].param4 = 1,
++ [18353].file = "net/rfkill/core.c",
++ [18353].name = "rfkill_fop_read",
++ [18353].param3 = 1,
++ [18386].file = "fs/read_write.c",
++ [18386].name = "vfs_readv",
++ [18386].param3 = 1,
++ [18391].file = "fs/ocfs2/stack_user.c",
++ [18391].name = "ocfs2_control_write",
++ [18391].param3 = 1,
++ [183].file = "crypto/ahash.c",
++ [183].name = "crypto_ahash_setkey",
++ [183].param3 = 1,
++ [18406].file = "drivers/media/video/tm6000/tm6000-core.c",
++ [18406].name = "tm6000_read_write_usb",
++ [18406].param7 = 1,
++ [1845].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
++ [1845].name = "rt2x00debug_write_rf",
++ [1845].param3 = 1,
++ [18465].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c",
++ [18465].name = "cxgb_alloc_mem",
++ [18465].param1 = 1,
++ [184].file = "drivers/firewire/nosy.c",
++ [184].name = "packet_buffer_init",
++ [184].param2 = 1,
++ [1858].file = "net/ipv6/netfilter/ip6_tables.c",
++ [1858].name = "do_ip6t_set_ctl",
++ [1858].param4 = 1,
++ [18659].file = "drivers/media/dvb/dvb-core/dvbdev.c",
++ [18659].name = "dvb_usercopy",
++ [18659].param2 = 1,
++ [18722].file = "security/tomoyo/condition.c",
++ [18722].name = "tomoyo_scan_bprm",
++ [18722].param2 = 1,
++ [18722].param4 = 1,
++ [18775].file = "include/linux/textsearch.h",
++ [18775].name = "alloc_ts_config",
++ [18775].param1 = 1,
++ [18940].file = "drivers/usb/host/hwa-hc.c",
++ [18940].name = "__hwahc_op_set_gtk",
++ [18940].param4 = 1,
++ [19012].file = "drivers/acpi/event.c",
++ [19012].name = "acpi_system_read_event",
++ [19012].param3 = 1,
++ [19028].file = "mm/filemap.c",
++ [19028].name = "iov_iter_copy_from_user_atomic",
++ [19028].param4 = 1,
++ [19107].file = "security/smack/smackfs.c",
++ [19107].name = "smk_write_load_list",
++ [19107].param3 = 1,
++ [19240].file = "net/sctp/socket.c",
++ [19240].name = "sctp_setsockopt_delayed_ack",
++ [19240].param3 = 1,
++ [19274].file = "net/core/pktgen.c",
++ [19274].name = "pktgen_if_write",
++ [19274].param3 = 1,
++ [19286].file = "drivers/base/regmap/regmap.c",
++ [19286].name = "_regmap_raw_write",
++ [19286].param4 = 1,
++ [19308].file = "drivers/char/mem.c",
++ [19308].name = "read_oldmem",
++ [19308].param3 = 1,
++ [19343].file = "security/keys/encrypted-keys/encrypted.c",
++ [19343].name = "datablob_hmac_append",
++ [19343].param3 = 1,
++ [19349].file = "drivers/acpi/acpica/utobject.c",
++ [19349].name = "acpi_ut_create_package_object",
++ [19349].param1 = 1,
++ [19453].file = "drivers/net/ethernet/chelsio/cxgb/sge.c",
++ [19453].name = "sge_rx",
++ [19453].param3 = 1,
++ [19504].file = "drivers/usb/serial/garmin_gps.c",
++ [19504].name = "pkt_add",
++ [19504].param3 = 1,
++ [19522].file = "mm/percpu.c",
++ [19522].name = "pcpu_mem_zalloc",
++ [19522].param1 = 1,
++ [19548].file = "drivers/scsi/qla2xxx/qla_init.c",
++ [19548].name = "qla2x00_get_ctx_sp",
++ [19548].param3 = 1,
++ [19592].file = "net/dccp/proto.c",
++ [19592].name = "dccp_setsockopt_service",
++ [19592].param4 = 1,
++ [19726].file = "kernel/trace/trace.c",
++ [19726].name = "tracing_set_trace_write",
++ [19726].param3 = 1,
++ [19738].file = "fs/sysfs/file.c",
++ [19738].name = "sysfs_write_file",
++ [19738].param3 = 1,
++ [19833].file = "drivers/xen/privcmd.c",
++ [19833].name = "gather_array",
++ [19833].param3 = 1,
++ [19910].file = "drivers/media/video/saa7164/saa7164-buffer.c",
++ [19910].name = "saa7164_buffer_alloc_user",
++ [19910].param2 = 1,
++ [19920].file = "drivers/input/joydev.c",
++ [19920].name = "joydev_ioctl",
++ [19920].param2 = 1,
++ [19931].file = "drivers/usb/misc/ftdi-elan.c",
++ [19931].name = "ftdi_elan_write",
++ [19931].param3 = 1,
++ [19960].file = "drivers/usb/class/usblp.c",
++ [19960].name = "usblp_read",
++ [19960].param3 = 1,
++ [1996].file = "drivers/scsi/libsrp.c",
++ [1996].name = "srp_target_alloc",
++ [1996].param3 = 1,
++ [20023].file = "drivers/media/video/gspca/gspca.c",
++ [20023].name = "dev_read",
++ [20023].param3 = 1,
++ [20207].file = "net/core/sock.c",
++ [20207].name = "sock_alloc_send_pskb",
++ [20207].param2 = 1,
++ [20263].file = "kernel/trace/trace_events.c",
++ [20263].name = "event_filter_write",
++ [20263].param3 = 1,
++ [20314].file = "drivers/gpu/drm/drm_hashtab.c",
++ [20314].name = "drm_ht_create",
++ [20314].param2 = 1,
++ [20320].file = "drivers/mfd/sm501.c",
++ [20320].name = "sm501_create_subdev",
++ [20320].param3 = 1,
++ [20320].param4 = 1,
++ [20376].file = "mm/nobootmem.c",
++ [20376].name = "__alloc_bootmem_nopanic",
++ [20376].param1 = 1,
++ [20409].file = "drivers/media/dvb/dvb-usb/opera1.c",
++ [20409].name = "opera1_usb_i2c_msgxfer",
++ [20409].param4 = 1,
++ [20473].file = "drivers/mtd/mtdchar.c",
++ [20473].name = "mtdchar_write",
++ [20473].param3 = 1,
++ [20611].file = "net/netfilter/x_tables.c",
++ [20611].name = "xt_alloc_table_info",
++ [20611].param1 = 1,
++ [20618].file = "drivers/staging/crystalhd/crystalhd_lnx.c",
++ [20618].name = "chd_dec_fetch_cdata",
++ [20618].param3 = 1,
++ [20713].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c",
++ [20713].name = "ttm_bo_io",
++ [20713].param5 = 1,
++ [20801].file = "drivers/vhost/vhost.c",
++ [20801].name = "vhost_add_used_n",
++ [20801].param3 = 1,
++ [20835].file = "drivers/isdn/i4l/isdn_common.c",
++ [20835].name = "isdn_read",
++ [20835].param3 = 1,
++ [20951].file = "crypto/rng.c",
++ [20951].name = "rngapi_reset",
++ [20951].param3 = 1,
++ [21125].file = "fs/gfs2/dir.c",
++ [21125].name = "gfs2_alloc_sort_buffer",
++ [21125].param1 = 1,
++ [21132].file = "kernel/cgroup.c",
++ [21132].name = "cgroup_write_X64",
++ [21132].param5 = 1,
++ [21138].file = "drivers/uio/uio.c",
++ [21138].name = "uio_read",
++ [21138].param3 = 1,
++ [21193].file = "net/wireless/sme.c",
++ [21193].name = "cfg80211_disconnected",
++ [21193].param4 = 1,
++ [21312].file = "lib/ts_kmp.c",
++ [21312].name = "kmp_init",
++ [21312].param2 = 1,
++ [21335].file = "net/econet/af_econet.c",
++ [21335].name = "econet_sendmsg",
++ [21335].param4 = 1,
++ [21406].file = "fs/libfs.c",
++ [21406].name = "simple_write_to_buffer",
++ [21406].param2 = 1,
++ [21406].param5 = 1,
++ [21451].file = "net/netfilter/ipvs/ip_vs_ctl.c",
++ [21451].name = "do_ip_vs_set_ctl",
++ [21451].param4 = 1,
++ [21459].file = "security/smack/smackfs.c",
++ [21459].name = "smk_write_doi",
++ [21459].param3 = 1,
++ [21508].file = "include/linux/usb/wusb.h",
++ [21508].name = "wusb_prf_64",
++ [21508].param7 = 1,
++ [21511].file = "drivers/input/ff-core.c",
++ [21511].name = "input_ff_create",
++ [21511].param2 = 1,
++ [21538].file = "net/bluetooth/l2cap_sock.c",
++ [21538].name = "l2cap_sock_setsockopt",
++ [21538].param5 = 1,
++ [21543].file = "drivers/media/video/gspca/gspca.c",
++ [21543].name = "frame_alloc",
++ [21543].param4 = 1,
++ [21608].file = "drivers/char/tpm/tpm.c",
++ [21608].name = "tpm_write",
++ [21608].param3 = 1,
++ [2160].file = "drivers/net/wireless/ray_cs.c",
++ [2160].name = "int_proc_write",
++ [2160].param3 = 1,
++ [21632].file = "fs/afs/cell.c",
++ [21632].name = "afs_cell_create",
++ [21632].param2 = 1,
++ [21679].file = "drivers/net/wireless/ath/carl9170/debug.c",
++ [21679].name = "carl9170_debugfs_write",
++ [21679].param3 = 1,
++ [21784].file = "crypto/ahash.c",
++ [21784].name = "ahash_setkey_unaligned",
++ [21784].param3 = 1,
++ [2180].file = "drivers/char/ppdev.c",
++ [2180].name = "pp_write",
++ [2180].param3 = 1,
++ [21810].file = "net/core/netprio_cgroup.c",
++ [21810].name = "extend_netdev_table",
++ [21810].param2 = 1,
++ [21906].file = "net/atm/mpc.c",
++ [21906].name = "copy_macs",
++ [21906].param4 = 1,
++ [21946].file = "fs/nfs/idmap.c",
++ [21946].name = "nfs_map_name_to_uid",
++ [21946].param3 = 1,
++ [22052].file = "drivers/net/ethernet/chelsio/cxgb3/sge.c",
++ [22052].name = "get_packet_pg",
++ [22052].param4 = 1,
++ [22085].file = "drivers/staging/sep/sep_driver.c",
++ [22085].name = "sep_lock_user_pages",
++ [22085].param2 = 1,
++ [22085].param3 = 1,
++ [22190].file = "drivers/char/tpm/tpm.c",
++ [22190].name = "tpm_read",
++ [22190].param3 = 1,
++ [22291].file = "net/core/pktgen.c",
++ [22291].name = "pgctrl_write",
++ [22291].param3 = 1,
++ [22439].file = "fs/afs/rxrpc.c",
++ [22439].name = "afs_alloc_flat_call",
++ [22439].param2 = 1,
++ [22439].param3 = 1,
++ [2243].file = "drivers/scsi/scsi_tgt_lib.c",
++ [2243].name = "scsi_tgt_kspace_exec",
++ [2243].param8 = 1,
++ [22440].file = "drivers/uwb/neh.c",
++ [22440].name = "uwb_rc_neh_grok_event",
++ [22440].param3 = 1,
++ [22611].file = "drivers/staging/android/logger.c",
++ [22611].name = "do_write_log_from_user",
++ [22611].param3 = 1,
++ [22614].file = "drivers/media/video/cx18/cx18-fileops.c",
++ [22614].name = "cx18_copy_buf_to_user",
++ [22614].param4 = 1,
++ [22667].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [22667].name = "altera_set_ir_post",
++ [22667].param2 = 1,
++ [22772].file = "drivers/target/iscsi/iscsi_target_erl1.c",
++ [22772].name = "iscsit_dump_data_payload",
++ [22772].param2 = 1,
++ [22777].file = "drivers/infiniband/ulp/srp/ib_srp.c",
++ [22777].name = "srp_alloc_iu",
++ [22777].param2 = 1,
++ [22811].file = "drivers/usb/dwc3/debugfs.c",
++ [22811].name = "dwc3_mode_write",
++ [22811].param3 = 1,
++ [22817].file = "drivers/media/video/usbvision/usbvision-core.c",
++ [22817].name = "usbvision_rvmalloc",
++ [22817].param1 = 1,
++ [22864].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [22864].name = "ath6kl_add_bss_if_needed",
++ [22864].param6 = 1,
++ [2286].file = "drivers/scsi/mvumi.c",
++ [2286].name = "mvumi_alloc_mem_resource",
++ [2286].param3 = 1,
++ [22904].file = "security/selinux/ss/services.c",
++ [22904].name = "security_context_to_sid_default",
++ [22904].param2 = 1,
++ [22932].file = "fs/compat.c",
++ [22932].name = "compat_sys_writev",
++ [22932].param3 = 1,
++ [2302].file = "drivers/media/video/stk-webcam.c",
++ [2302].name = "v4l_stk_read",
++ [2302].param3 = 1,
++ [2307].file = "drivers/pcmcia/cistpl.c",
++ [2307].name = "pcmcia_replace_cis",
++ [2307].param3 = 1,
++ [23117].file = "drivers/media/dvb/ttpci/av7110_av.c",
++ [23117].name = "dvb_audio_write",
++ [23117].param3 = 1,
++ [23220].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
++ [23220].name = "do_dmabuf_dirty_sou",
++ [23220].param7 = 1,
++ [23232].file = "drivers/md/persistent-data/dm-space-map-checker.c",
++ [23232].name = "sm_checker_extend",
++ [23232].param2 = 1,
++ [2324].file = "net/ieee802154/wpan-class.c",
++ [2324].name = "wpan_phy_alloc",
++ [2324].param1 = 1,
++ [2328].file = "kernel/trace/ftrace.c",
++ [2328].name = "ftrace_pid_write",
++ [2328].param3 = 1,
++ [23290].file = "fs/proc/base.c",
++ [23290].name = "mem_rw",
++ [23290].param3 = 1,
++ [23449].file = "crypto/blkcipher.c",
++ [23449].name = "blkcipher_next_slow",
++ [23449].param3 = 1,
++ [23449].param4 = 1,
++ [23535].file = "ipc/sem.c",
++ [23535].name = "sys_semtimedop",
++ [23535].param3 = 1,
++ [2357].file = "drivers/usb/serial/garmin_gps.c",
++ [2357].name = "garmin_read_process",
++ [2357].param3 = 1,
++ [23589].file = "kernel/relay.c",
++ [23589].name = "subbuf_read_actor",
++ [23589].param3 = 1,
++ [23848].file = "crypto/blkcipher.c",
++ [23848].name = "async_setkey",
++ [23848].param3 = 1,
++ [2386].file = "drivers/acpi/acpica/exnames.c",
++ [2386].name = "acpi_ex_allocate_name_string",
++ [2386].param2 = 1,
++ [2389].file = "net/core/sock.c",
++ [2389].name = "sock_rmalloc",
++ [2389].param2 = 1,
++ [23994].file = "net/bluetooth/mgmt.c",
++ [23994].name = "set_powered",
++ [23994].param4 = 1,
++ [23999].file = "sound/pci/rme9652/hdsp.c",
++ [23999].name = "snd_hdsp_capture_copy",
++ [23999].param5 = 1,
++ [24233].file = "drivers/pci/pcie/aer/aer_inject.c",
++ [24233].name = "aer_inject_write",
++ [24233].param3 = 1,
++ [24359].file = "kernel/power/qos.c",
++ [24359].name = "pm_qos_power_write",
++ [24359].param3 = 1,
++ [24457].file = "fs/btrfs/backref.c",
++ [24457].name = "init_data_container",
++ [24457].param1 = 1,
++ [24719].file = "drivers/input/evdev.c",
++ [24719].name = "bits_to_user",
++ [24719].param3 = 1,
++ [2472].file = "net/ipv4/netfilter/ip_tables.c",
++ [2472].name = "compat_do_ipt_set_ctl",
++ [2472].param4 = 1,
++ [24755].file = "drivers/infiniband/hw/qib/qib_diag.c",
++ [24755].name = "qib_diag_write",
++ [24755].param3 = 1,
++ [24805].file = "security/keys/user_defined.c",
++ [24805].name = "user_update",
++ [24805].param3 = 1,
++ [25036].file = "fs/pipe.c",
++ [25036].name = "pipe_iov_copy_from_user",
++ [25036].param3 = 1,
++ [25078].file = "drivers/net/wireless/p54/fwio.c",
++ [25078].name = "p54_download_eeprom",
++ [25078].param4 = 1,
++ [25127].file = "drivers/scsi/device_handler/scsi_dh_alua.c",
++ [25127].name = "realloc_buffer",
++ [25127].param2 = 1,
++ [25145].file = "net/tipc/link.c",
++ [25145].name = "link_send_sections_long",
++ [25145].param4 = 1,
++ [25157].file = "security/keys/request_key_auth.c",
++ [25157].name = "request_key_auth_new",
++ [25157].param3 = 1,
++ [25158].file = "drivers/net/ethernet/mellanox/mlx4/en_rx.c",
++ [25158].name = "mlx4_en_create_rx_ring",
++ [25158].param3 = 1,
++ [25267].file = "fs/configfs/file.c",
++ [25267].name = "configfs_write_file",
++ [25267].param3 = 1,
++ [25495].file = "drivers/scsi/bfa/bfad_debugfs.c",
++ [25495].name = "bfad_debugfs_write_regwr",
++ [25495].param3 = 1,
++ [25558].file = "fs/proc/task_mmu.c",
++ [25558].name = "clear_refs_write",
++ [25558].param3 = 1,
++ [25692].file = "drivers/net/wireless/ath/ath6kl/wmi.c",
++ [25692].name = "ath6kl_wmi_send_action_cmd",
++ [25692].param7 = 1,
++ [25765].file = "drivers/media/dvb/b2c2/flexcop.c",
++ [25765].name = "flexcop_device_kmalloc",
++ [25765].param1 = 1,
++ [26100].file = "sound/core/info.c",
++ [26100].name = "snd_info_entry_write",
++ [26100].param3 = 1,
++ [26256].file = "fs/hpfs/name.c",
++ [26256].name = "hpfs_translate_name",
++ [26256].param3 = 1,
++ [26394].file = "drivers/hid/hidraw.c",
++ [26394].name = "hidraw_get_report",
++ [26394].param3 = 1,
++ [26494].file = "kernel/signal.c",
++ [26494].name = "sys_rt_sigpending",
++ [26494].param2 = 1,
++ [26497].file = "security/keys/keyctl.c",
++ [26497].name = "sys_keyctl",
++ [26497].param4 = 1,
++ [26533].file = "drivers/block/aoe/aoechr.c",
++ [26533].name = "aoechr_write",
++ [26533].param3 = 1,
++ [26560].file = "crypto/algapi.c",
++ [26560].name = "crypto_alloc_instance2",
++ [26560].param3 = 1,
++ [26605].file = "security/selinux/selinuxfs.c",
++ [26605].name = "sel_write_user",
++ [26605].param3 = 1,
++ [26620].file = "net/bluetooth/mgmt.c",
++ [26620].name = "mgmt_control",
++ [26620].param3 = 1,
++ [26701].file = "drivers/mtd/chips/cfi_util.c",
++ [26701].name = "cfi_read_pri",
++ [26701].param3 = 1,
++ [26757].file = "fs/xattr.c",
++ [26757].name = "sys_fgetxattr",
++ [26757].param4 = 1,
++ [2678].file = "drivers/platform/x86/asus_acpi.c",
++ [2678].name = "disp_proc_write",
++ [2678].param3 = 1,
++ [26834].file = "drivers/gpu/drm/drm_drv.c",
++ [26834].name = "drm_ioctl",
++ [26834].param2 = 1,
++ [26843].file = "drivers/firewire/core-cdev.c",
++ [26843].name = "fw_device_op_compat_ioctl",
++ [26843].param2 = 1,
++ [26845].file = "drivers/scsi/qla2xxx/qla_bsg.c",
++ [26845].name = "qla2x00_get_ctx_bsg_sp",
++ [26845].param3 = 1,
++ [26888].file = "net/bridge/br_ioctl.c",
++ [26888].name = "get_fdb_entries",
++ [26888].param3 = 1,
++ [26962].file = "drivers/usb/class/usbtmc.c",
++ [26962].name = "usbtmc_write",
++ [26962].param3 = 1,
++ [26966].file = "drivers/media/dvb/ddbridge/ddbridge-core.c",
++ [26966].name = "ts_write",
++ [26966].param3 = 1,
++ [27004].file = "drivers/misc/hpilo.c",
++ [27004].name = "ilo_write",
++ [27004].param3 = 1,
++ [27025].file = "fs/ntfs/file.c",
++ [27025].name = "__ntfs_copy_from_user_iovec_inatomic",
++ [27025].param3 = 1,
++ [27025].param4 = 1,
++ [27061].file = "drivers/firewire/core-cdev.c",
++ [27061].name = "iso_callback",
++ [27061].param3 = 1,
++ [2711].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c",
++ [2711].name = "dvb_ringbuffer_read_user",
++ [2711].param3 = 1,
++ [27129].file = "fs/lockd/mon.c",
++ [27129].name = "nsm_get_handle",
++ [27129].param4 = 1,
++ [27142].file = "fs/proc/kcore.c",
++ [27142].name = "read_kcore",
++ [27142].param3 = 1,
++ [27164].file = "include/drm/drm_mem_util.h",
++ [27164].name = "drm_calloc_large",
++ [27164].param1 = 1,
++ [27164].param2 = 1,
++ [27176].file = "drivers/mtd/devices/mtd_dataflash.c",
++ [27176].name = "otp_read",
++ [27176].param2 = 1,
++ [27176].param5 = 1,
++ [27232].file = "security/apparmor/lib.c",
++ [27232].name = "kvmalloc",
++ [27232].param1 = 1,
++ [27275].file = "drivers/scsi/cxgbi/libcxgbi.c",
++ [27275].name = "cxgbi_ddp_reserve",
++ [27275].param4 = 1,
++ [27280].file = "drivers/net/ethernet/mellanox/mlx4/en_tx.c",
++ [27280].name = "mlx4_en_create_tx_ring",
++ [27280].param4 = 1,
++ [27290].file = "security/selinux/ss/services.c",
++ [27290].name = "security_context_to_sid_core",
++ [27290].param2 = 1,
++ [27302].file = "fs/proc/base.c",
++ [27302].name = "proc_loginuid_write",
++ [27302].param3 = 1,
++ [2730].file = "drivers/target/iscsi/iscsi_target_parameters.c",
++ [2730].name = "iscsi_decode_text_input",
++ [2730].param4 = 1,
++ [27314].file = "net/bluetooth/mgmt.c",
++ [27314].name = "cmd_complete",
++ [27314].param5 = 1,
++ [27472].file = "security/selinux/selinuxfs.c",
++ [27472].name = "sel_write_load",
++ [27472].param3 = 1,
++ [27491].file = "fs/proc/base.c",
++ [27491].name = "proc_pid_attr_write",
++ [27491].param3 = 1,
++ [27568].file = "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c",
++ [27568].name = "t4_alloc_mem",
++ [27568].param1 = 1,
++ [27582].file = "drivers/platform/x86/asus_acpi.c",
++ [27582].name = "ledd_proc_write",
++ [27582].param3 = 1,
++ [27595].file = "net/core/sock.c",
++ [27595].name = "sock_alloc_send_skb",
++ [27595].param2 = 1,
++ [27648].file = "net/bluetooth/l2cap_core.c",
++ [27648].name = "l2cap_bredr_sig_cmd",
++ [27648].param3 = 1,
++ [27697].file = "drivers/staging/mei/iorw.c",
++ [27697].name = "amthi_read",
++ [27697].param4 = 1,
++ [27911].file = "fs/ext4/resize.c",
++ [27911].name = "alloc_flex_gd",
++ [27911].param1 = 1,
++ [27927].file = "drivers/tty/tty_io.c",
++ [27927].name = "redirected_tty_write",
++ [27927].param3 = 1,
++ [28040].file = "kernel/kfifo.c",
++ [28040].name = "__kfifo_alloc",
++ [28040].param2 = 1,
++ [28040].param3 = 1,
++ [28151].file = "mm/filemap_xip.c",
++ [28151].name = "do_xip_mapping_read",
++ [28151].param5 = 1,
++ [28247].file = "net/sctp/tsnmap.c",
++ [28247].name = "sctp_tsnmap_init",
++ [28247].param2 = 1,
++ [28253].file = "include/linux/fb.h",
++ [28253].name = "alloc_apertures",
++ [28253].param1 = 1,
++ [28265].file = "fs/notify/fanotify/fanotify_user.c",
++ [28265].name = "fanotify_write",
++ [28265].param3 = 1,
++ [28316].file = "drivers/input/joydev.c",
++ [28316].name = "joydev_ioctl_common",
++ [28316].param2 = 1,
++ [28359].file = "drivers/spi/spidev.c",
++ [28359].name = "spidev_message",
++ [28359].param3 = 1,
++ [28360].file = "drivers/hid/usbhid/hiddev.c",
++ [28360].name = "hiddev_compat_ioctl",
++ [28360].param2 = 1,
++ [28407].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
++ [28407].name = "rt2x00debug_write_csr",
++ [28407].param3 = 1,
++ [2847].file = "fs/ntfs/file.c",
++ [2847].name = "ntfs_copy_from_user",
++ [2847].param3 = 1,
++ [2847].param5 = 1,
++ [28584].file = "drivers/memstick/core/memstick.c",
++ [28584].name = "memstick_alloc_host",
++ [28584].param1 = 1,
++ [28783].file = "drivers/gpu/drm/i915/i915_debugfs.c",
++ [28783].name = "i915_cache_sharing_write",
++ [28783].param3 = 1,
++ [28787].file = "drivers/media/video/videobuf2-core.c",
++ [28787].name = "vb2_write",
++ [28787].param3 = 1,
++ [28879].file = "drivers/base/map.c",
++ [28879].name = "kobj_map",
++ [28879].param2 = 1,
++ [28879].param3 = 1,
++ [28889].file = "drivers/char/pcmcia/cm4040_cs.c",
++ [28889].name = "cm4040_write",
++ [28889].param3 = 1,
++ [29073].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
++ [29073].name = "vmw_kms_readback",
++ [29073].param6 = 1,
++ [29085].file = "security/apparmor/apparmorfs.c",
++ [29085].name = "profile_load",
++ [29085].param3 = 1,
++ [29092].file = "lib/lru_cache.c",
++ [29092].name = "lc_create",
++ [29092].param3 = 1,
++ [29257].file = "drivers/vhost/vhost.c",
++ [29257].name = "vhost_add_used_and_signal_n",
++ [29257].param4 = 1,
++ [29267].file = "net/ipv4/fib_trie.c",
++ [29267].name = "tnode_alloc",
++ [29267].param1 = 1,
++ [29338].file = "drivers/net/ethernet/brocade/bna/bnad_debugfs.c",
++ [29338].name = "bnad_debugfs_write_regwr",
++ [29338].param3 = 1,
++ [29353].file = "net/sctp/socket.c",
++ [29353].name = "sctp_setsockopt_del_key",
++ [29353].param3 = 1,
++ [29405].file = "drivers/media/dvb/dvb-usb/dw2102.c",
++ [29405].name = "dw210x_op_rw",
++ [29405].param6 = 1,
++ [29542].file = "net/nfc/nci/core.c",
++ [29542].name = "nci_send_cmd",
++ [29542].param3 = 1,
++ [29714].file = "drivers/scsi/cxgbi/libcxgbi.c",
++ [29714].name = "cxgbi_device_register",
++ [29714].param1 = 1,
++ [29714].param2 = 1,
++ [2972].file = "drivers/staging/crystalhd/crystalhd_misc.c",
++ [2972].name = "crystalhd_create_dio_pool",
++ [2972].param2 = 1,
++ [29769].file = "drivers/misc/iwmc3200top/log.c",
++ [29769].name = "store_iwmct_log_level",
++ [29769].param4 = 1,
++ [29792].file = "drivers/staging/bcm/nvm.c",
++ [29792].name = "BcmCopySection",
++ [29792].param5 = 1,
++ [29859].file = "net/rds/page.c",
++ [29859].name = "rds_page_copy_user",
++ [29859].param4 = 1,
++ [29905].file = "mm/nobootmem.c",
++ [29905].name = "___alloc_bootmem",
++ [29905].param1 = 1,
++ [2995].file = "mm/page_alloc.c",
++ [2995].name = "alloc_large_system_hash",
++ [2995].param2 = 1,
++ [30000].file = "drivers/net/wireless/brcm80211/brcmsmac/phy/phy_n.c",
++ [30000].name = "wlc_phy_loadsampletable_nphy",
++ [30000].param3 = 1,
++ [30242].file = "fs/cifs/cifssmb.c",
++ [30242].name = "cifs_readdata_alloc",
++ [30242].param1 = 1,
++ [30494].file = "net/ceph/buffer.c",
++ [30494].name = "ceph_buffer_new",
++ [30494].param1 = 1,
++ [30590].file = "security/tomoyo/memory.c",
++ [30590].name = "tomoyo_commit_ok",
++ [30590].param2 = 1,
++ [3060].file = "lib/mpi/mpiutil.c",
++ [3060].name = "mpi_alloc_limb_space",
++ [3060].param1 = 1,
++ [30687].file = "drivers/uwb/uwb-debug.c",
++ [30687].name = "command_write",
++ [30687].param3 = 1,
++ [30726].file = "drivers/bluetooth/hci_vhci.c",
++ [30726].name = "vhci_get_user",
++ [30726].param3 = 1,
++ [30873].file = "net/packet/af_packet.c",
++ [30873].name = "alloc_one_pg_vec_page",
++ [30873].param1 = 1,
++ [30970].file = "drivers/staging/hv/storvsc_drv.c",
++ [30970].name = "create_bounce_buffer",
++ [30970].param3 = 1,
++ [310].file = "drivers/block/drbd/drbd_bitmap.c",
++ [310].name = "bm_realloc_pages",
++ [310].param2 = 1,
++ [3119].file = "drivers/misc/ibmasm/command.c",
++ [3119].name = "ibmasm_new_command",
++ [3119].param2 = 1,
++ [31207].file = "drivers/platform/x86/asus_acpi.c",
++ [31207].name = "parse_arg",
++ [31207].param2 = 1,
++ [31287].file = "drivers/scsi/libsrp.c",
++ [31287].name = "srp_iu_pool_alloc",
++ [31287].param2 = 1,
++ [31291].file = "sound/pci/rme9652/rme9652.c",
++ [31291].name = "snd_rme9652_capture_copy",
++ [31291].param5 = 1,
++ [31348].file = "kernel/sched/core.c",
++ [31348].name = "sys_sched_getaffinity",
++ [31348].param2 = 1,
++ [31492].file = "drivers/hid/hidraw.c",
++ [31492].name = "hidraw_read",
++ [31492].param3 = 1,
++ [3170].file = "security/integrity/ima/ima_fs.c",
++ [3170].name = "ima_write_policy",
++ [3170].param3 = 1,
++ [31782].file = "drivers/misc/pti.c",
++ [31782].name = "pti_char_write",
++ [31782].param3 = 1,
++ [31789].file = "fs/file.c",
++ [31789].name = "alloc_fdmem",
++ [31789].param1 = 1,
++ [31957].file = "fs/afs/proc.c",
++ [31957].name = "afs_proc_cells_write",
++ [31957].param3 = 1,
++ [32002].file = "net/sctp/socket.c",
++ [32002].name = "sctp_setsockopt_active_key",
++ [32002].param3 = 1,
++ [32182].file = "net/sunrpc/cache.c",
++ [32182].name = "cache_write",
++ [32182].param3 = 1,
++ [32278].file = "kernel/time/timer_stats.c",
++ [32278].name = "tstats_write",
++ [32278].param3 = 1,
++ [32326].file = "drivers/tty/n_r3964.c",
++ [32326].name = "r3964_write",
++ [32326].param4 = 1,
++ [32399].file = "drivers/net/phy/mdio_bus.c",
++ [32399].name = "mdiobus_alloc_size",
++ [32399].param1 = 1,
++ [32402].file = "net/ceph/pagevec.c",
++ [32402].name = "ceph_copy_user_to_page_vector",
++ [32402].param4 = 1,
++ [3241].file = "drivers/usb/wusbcore/crypto.c",
++ [3241].name = "wusb_prf",
++ [3241].param7 = 1,
++ [32459].file = "drivers/media/radio/radio-wl1273.c",
++ [32459].name = "wl1273_fm_fops_write",
++ [32459].param3 = 1,
++ [32531].file = "fs/bio.c",
++ [32531].name = "__bio_map_kern",
++ [32531].param2 = 1,
++ [32531].param3 = 1,
++ [32537].file = "drivers/staging/vme/devices/vme_user.c",
++ [32537].name = "buffer_to_user",
++ [32537].param3 = 1,
++ [32560].file = "drivers/input/input-mt.c",
++ [32560].name = "input_mt_init_slots",
++ [32560].param2 = 1,
++ [32600].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [32600].name = "ath6kl_set_assoc_req_ies",
++ [32600].param3 = 1,
++ [32608].file = "security/selinux/selinuxfs.c",
++ [32608].name = "sel_write_checkreqprot",
++ [32608].param3 = 1,
++ [32812].file = "drivers/net/ethernet/neterion/vxge/vxge-config.c",
++ [32812].name = "__vxge_hw_channel_allocate",
++ [32812].param3 = 1,
++ [32950].file = "fs/reiserfs/resize.c",
++ [32950].name = "reiserfs_resize",
++ [32950].param2 = 1,
++ [33010].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c",
++ [33010].name = "dvb_ringbuffer_pkt_read_user",
++ [33010].param5 = 1,
++ [33130].file = "net/llc/llc_sap.c",
++ [33130].name = "llc_alloc_frame",
++ [33130].param4 = 1,
++ [33221].file = "crypto/ablkcipher.c",
++ [33221].name = "ablkcipher_copy_iv",
++ [33221].param3 = 1,
++ [33268].file = "mm/maccess.c",
++ [33268].name = "__probe_kernel_write",
++ [33268].param3 = 1,
++ [33280].file = "fs/xfs/kmem.c",
++ [33280].name = "kmem_realloc",
++ [33280].param2 = 1,
++ [33375].file = "drivers/staging/rtl8712/osdep_service.h",
++ [33375].name = "_malloc",
++ [33375].param1 = 1,
++ [33420].file = "drivers/net/team/team.c",
++ [33420].name = "__team_options_register",
++ [33420].param3 = 1,
++ [33489].file = "fs/binfmt_misc.c",
++ [33489].name = "create_entry",
++ [33489].param2 = 1,
++ [33637].file = "net/9p/client.c",
++ [33637].name = "p9_client_read",
++ [33637].param5 = 1,
++ [33669].file = "fs/gfs2/glock.c",
++ [33669].name = "gfs2_glock_nq_m",
++ [33669].param1 = 1,
++ [33704].file = "drivers/gpu/drm/ttm/ttm_page_alloc_dma.c",
++ [33704].name = "ttm_dma_page_pool_free",
++ [33704].param2 = 1,
++ [33779].file = "drivers/staging/vme/devices/vme_user.c",
++ [33779].name = "resource_from_user",
++ [33779].param3 = 1,
++ [33810].file = "net/mac80211/util.c",
++ [33810].name = "ieee80211_send_probe_req",
++ [33810].param6 = 1,
++ [3384].file = "drivers/block/paride/pg.c",
++ [3384].name = "pg_write",
++ [3384].param3 = 1,
++ [34105].file = "fs/libfs.c",
++ [34105].name = "simple_read_from_buffer",
++ [34105].param2 = 1,
++ [34105].param5 = 1,
++ [34120].file = "drivers/media/video/pvrusb2/pvrusb2-io.c",
++ [34120].name = "pvr2_stream_buffer_count",
++ [34120].param2 = 1,
++ [34226].file = "mm/shmem.c",
++ [34226].name = "shmem_xattr_set",
++ [34226].param4 = 1,
++ [34251].file = "drivers/staging/cxt1e1/sbecom_inline_linux.h",
++ [34251].name = "OS_kmalloc",
++ [34251].param1 = 1,
++ [34276].file = "drivers/media/video/videobuf2-core.c",
++ [34276].name = "__vb2_perform_fileio",
++ [34276].param3 = 1,
++ [34278].file = "fs/ubifs/debug.c",
++ [34278].name = "dfs_global_file_write",
++ [34278].param3 = 1,
++ [34432].file = "drivers/edac/edac_pci.c",
++ [34432].name = "edac_pci_alloc_ctl_info",
++ [34432].param1 = 1,
++ [34532].file = "drivers/virtio/virtio_ring.c",
++ [34532].name = "vring_add_indirect",
++ [34532].param3 = 1,
++ [34532].param4 = 1,
++ [34543].file = "net/sctp/tsnmap.c",
++ [34543].name = "sctp_tsnmap_grow",
++ [34543].param2 = 1,
++ [34551].file = "fs/ocfs2/stack_user.c",
++ [34551].name = "ocfs2_control_cfu",
++ [34551].param2 = 1,
++ [34634].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [34634].name = "ath6kl_send_go_probe_resp",
++ [34634].param3 = 1,
++ [34666].file = "fs/cifs/cifs_debug.c",
++ [34666].name = "cifs_security_flags_proc_write",
++ [34666].param3 = 1,
++ [3466].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [3466].name = "altera_drscan",
++ [3466].param2 = 1,
++ [34672].file = "drivers/tty/tty_io.c",
++ [34672].name = "tty_write",
++ [34672].param3 = 1,
++ [34679].file = "drivers/media/video/ivtv/ivtv-fileops.c",
++ [34679].name = "ivtv_copy_buf_to_user",
++ [34679].param4 = 1,
++ [34721].file = "drivers/usb/host/hwa-hc.c",
++ [34721].name = "__hwahc_dev_set_key",
++ [34721].param5 = 1,
++ [34749].file = "mm/nobootmem.c",
++ [34749].name = "__alloc_bootmem_low_node",
++ [34749].param2 = 1,
++ [34760].file = "include/acpi/platform/aclinux.h",
++ [34760].name = "acpi_os_allocate_zeroed",
++ [34760].param1 = 1,
++ [34802].file = "drivers/scsi/cxgbi/libcxgbi.h",
++ [34802].name = "cxgbi_alloc_big_mem",
++ [34802].param1 = 1,
++ [34863].file = "drivers/video/fbsysfs.c",
++ [34863].name = "framebuffer_alloc",
++ [34863].param1 = 1,
++ [34868].file = "drivers/net/ethernet/brocade/bna/bnad_debugfs.c",
++ [34868].name = "bnad_debugfs_write_regrd",
++ [34868].param3 = 1,
++ [34882].file = "drivers/platform/x86/toshiba_acpi.c",
++ [34882].name = "video_proc_write",
++ [34882].param3 = 1,
++ [35050].file = "fs/ocfs2/dlmfs/dlmfs.c",
++ [35050].name = "dlmfs_file_write",
++ [35050].param3 = 1,
++ [35119].file = "fs/xattr.c",
++ [35119].name = "sys_llistxattr",
++ [35119].param3 = 1,
++ [35129].file = "mm/nobootmem.c",
++ [35129].name = "___alloc_bootmem_nopanic",
++ [35129].param1 = 1,
++ [35159].file = "drivers/net/wimax/i2400m/usb.c",
++ [35159].name = "__i2400mu_send_barker",
++ [35159].param3 = 1,
++ [35232].file = "drivers/media/video/cx18/cx18-fileops.c",
++ [35232].name = "cx18_read",
++ [35232].param3 = 1,
++ [35234].file = "net/irda/irnet/irnet_ppp.c",
++ [35234].name = "irnet_ctrl_write",
++ [35234].param3 = 1,
++ [35256].file = "sound/core/memory.c",
++ [35256].name = "copy_from_user_toio",
++ [35256].param3 = 1,
++ [35268].file = "security/keys/request_key_auth.c",
++ [35268].name = "request_key_auth_read",
++ [35268].param3 = 1,
++ [3538].file = "net/bluetooth/mgmt.c",
++ [3538].name = "disconnect",
++ [3538].param4 = 1,
++ [35443].file = "sound/core/pcm_memory.c",
++ [35443].name = "_snd_pcm_lib_alloc_vmalloc_buffer",
++ [35443].param2 = 1,
++ [35468].file = "drivers/xen/xenbus/xenbus_dev_frontend.c",
++ [35468].name = "xenbus_file_write",
++ [35468].param3 = 1,
++ [35536].file = "kernel/sysctl_binary.c",
++ [35536].name = "bin_uuid",
++ [35536].param3 = 1,
++ [35551].file = "drivers/media/video/ivtv/ivtv-fileops.c",
++ [35551].name = "ivtv_read_pos",
++ [35551].param3 = 1,
++ [35556].file = "fs/read_write.c",
++ [35556].name = "sys_readv",
++ [35556].param3 = 1,
++ [35693].file = "drivers/staging/mei/main.c",
++ [35693].name = "mei_read",
++ [35693].param3 = 1,
++ [35703].file = "crypto/ablkcipher.c",
++ [35703].name = "ablkcipher_next_slow",
++ [35703].param3 = 1,
++ [35703].param4 = 1,
++ [35729].file = "include/linux/skbuff.h",
++ [35729].name = "__dev_alloc_skb",
++ [35729].param1 = 1,
++ [35731].file = "drivers/usb/class/cdc-wdm.c",
++ [35731].name = "wdm_read",
++ [35731].param3 = 1,
++ [35796].file = "drivers/mtd/nand/nand_bch.c",
++ [35796].name = "nand_bch_init",
++ [35796].param2 = 1,
++ [35796].param3 = 1,
++ [35880].file = "fs/ecryptfs/crypto.c",
++ [35880].name = "ecryptfs_encrypt_and_encode_filename",
++ [35880].param6 = 1,
++ [36076].file = "drivers/net/ethernet/sfc/tx.c",
++ [36076].name = "efx_tsoh_heap_alloc",
++ [36076].param2 = 1,
++ [36080].file = "drivers/media/video/v4l2-ioctl.c",
++ [36080].name = "video_usercopy",
++ [36080].param2 = 1,
++ [36149].file = "fs/udf/inode.c",
++ [36149].name = "udf_alloc_i_data",
++ [36149].param2 = 1,
++ [36183].file = "drivers/tty/vt/vc_screen.c",
++ [36183].name = "vcs_read",
++ [36183].param3 = 1,
++ [36199].file = "net/sunrpc/auth_gss/auth_gss.c",
++ [36199].name = "gss_pipe_downcall",
++ [36199].param3 = 1,
++ [36206].file = "net/ipv4/tcp_input.c",
++ [36206].name = "tcp_collapse",
++ [36206].param5 = 1,
++ [36206].param6 = 1,
++ [36230].file = "drivers/net/wan/hdlc_ppp.c",
++ [36230].name = "ppp_cp_parse_cr",
++ [36230].param4 = 1,
++ [36284].file = "drivers/spi/spi.c",
++ [36284].name = "spi_register_board_info",
++ [36284].param2 = 1,
++ [36490].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [36490].name = "ath6kl_cfg80211_connect_event",
++ [36490].param7 = 1,
++ [36522].file = "drivers/hid/hidraw.c",
++ [36522].name = "hidraw_send_report",
++ [36522].param3 = 1,
++ [36560].file = "net/sunrpc/cache.c",
++ [36560].name = "write_flush",
++ [36560].param3 = 1,
++ [36807].file = "drivers/usb/mon/mon_bin.c",
++ [36807].name = "mon_bin_get_event",
++ [36807].param4 = 1,
++ [37034].file = "fs/cifs/cifssmb.c",
++ [37034].name = "cifs_writedata_alloc",
++ [37034].param1 = 1,
++ [37044].file = "sound/firewire/packets-buffer.c",
++ [37044].name = "iso_packets_buffer_init",
++ [37044].param3 = 1,
++ [37108].file = "drivers/media/dvb/ttpci/av7110_av.c",
++ [37108].name = "dvb_video_write",
++ [37108].param3 = 1,
++ [37154].file = "net/nfc/llcp/commands.c",
++ [37154].name = "nfc_llcp_build_tlv",
++ [37154].param3 = 1,
++ [37163].file = "net/core/skbuff.c",
++ [37163].name = "__netdev_alloc_skb",
++ [37163].param2 = 1,
++ [37233].file = "fs/ocfs2/cluster/tcp.c",
++ [37233].name = "o2net_send_message_vec",
++ [37233].param4 = 1,
++ [37241].file = "net/atm/lec.c",
++ [37241].name = "lane2_associate_req",
++ [37241].param4 = 1,
++ [37384].file = "drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c",
++ [37384].name = "vmw_fifo_reserve",
++ [37384].param2 = 1,
++ [37497].file = "net/mac80211/util.c",
++ [37497].name = "ieee80211_build_probe_req",
++ [37497].param7 = 1,
++ [37535].file = "kernel/trace/trace.c",
++ [37535].name = "tracing_trace_options_write",
++ [37535].param3 = 1,
++ [37611].file = "drivers/xen/xenbus/xenbus_xs.c",
++ [37611].name = "split",
++ [37611].param2 = 1,
++ [37661].file = "mm/filemap.c",
++ [37661].name = "file_read_actor",
++ [37661].param4 = 1,
++ [37852].file = "drivers/staging/android/logger.c",
++ [37852].name = "do_read_log_to_user",
++ [37852].param4 = 1,
++ [37921].file = "drivers/net/wireless/wl12xx/rx.c",
++ [37921].name = "wl1271_rx_handle_data",
++ [37921].param3 = 1,
++ [37976].file = "drivers/platform/x86/asus_acpi.c",
++ [37976].name = "bluetooth_proc_write",
++ [37976].param3 = 1,
++ [3797].file = "sound/pci/asihpi/hpicmn.c",
++ [3797].name = "hpi_alloc_control_cache",
++ [3797].param1 = 1,
++ [3801].file = "drivers/block/paride/pt.c",
++ [3801].name = "pt_write",
++ [3801].param3 = 1,
++ [38052].file = "kernel/kexec.c",
++ [38052].name = "kimage_normal_alloc",
++ [38052].param3 = 1,
++ [38057].file = "fs/coda/psdev.c",
++ [38057].name = "coda_psdev_write",
++ [38057].param3 = 1,
++ [38186].file = "kernel/signal.c",
++ [38186].name = "do_sigpending",
++ [38186].param2 = 1,
++ [38314].file = "fs/nfs/read.c",
++ [38314].name = "nfs_readdata_alloc",
++ [38314].param1 = 1,
++ [38401].file = "drivers/xen/xenbus/xenbus_dev_frontend.c",
++ [38401].name = "queue_reply",
++ [38401].param3 = 1,
++ [3841].file = "drivers/platform/x86/asus_acpi.c",
++ [3841].name = "write_led",
++ [3841].param2 = 1,
++ [38532].file = "fs/afs/cell.c",
++ [38532].name = "afs_cell_lookup",
++ [38532].param2 = 1,
++ [38564].file = "fs/nfs/nfs4proc.c",
++ [38564].name = "nfs4_realloc_slot_table",
++ [38564].param2 = 1,
++ [38576].file = "drivers/i2c/i2c-dev.c",
++ [38576].name = "i2cdev_read",
++ [38576].param3 = 1,
++ [38704].file = "drivers/media/video/uvc/uvc_driver.c",
++ [38704].name = "uvc_alloc_entity",
++ [38704].param3 = 1,
++ [38704].param4 = 1,
++ [38747].file = "fs/xattr.c",
++ [38747].name = "sys_lgetxattr",
++ [38747].param4 = 1,
++ [38867].file = "drivers/scsi/scsi_transport_fc.c",
++ [38867].name = "fc_host_post_vendor_event",
++ [38867].param3 = 1,
++ [38931].file = "drivers/isdn/hardware/eicon/capimain.c",
++ [38931].name = "diva_os_alloc_message_buffer",
++ [38931].param1 = 1,
++ [38972].file = "security/smack/smackfs.c",
++ [38972].name = "smk_write_logging",
++ [38972].param3 = 1,
++ [39001].file = "net/xfrm/xfrm_hash.c",
++ [39001].name = "xfrm_hash_alloc",
++ [39001].param1 = 1,
++ [39052].file = "drivers/input/evdev.c",
++ [39052].name = "evdev_ioctl",
++ [39052].param2 = 1,
++ [39066].file = "drivers/media/dvb/frontends/tda10048.c",
++ [39066].name = "tda10048_writeregbulk",
++ [39066].param4 = 1,
++ [39118].file = "drivers/misc/iwmc3200top/log.c",
++ [39118].name = "store_iwmct_log_level_fw",
++ [39118].param4 = 1,
++ [39254].file = "drivers/char/pcmcia/cm4000_cs.c",
++ [39254].name = "cmm_write",
++ [39254].param3 = 1,
++ [39392].file = "drivers/atm/solos-pci.c",
++ [39392].name = "send_command",
++ [39392].param4 = 1,
++ [39415].file = "fs/pstore/inode.c",
++ [39415].name = "pstore_mkfile",
++ [39415].param5 = 1,
++ [39417].file = "drivers/block/DAC960.c",
++ [39417].name = "dac960_user_command_proc_write",
++ [39417].param3 = 1,
++ [39460].file = "fs/btrfs/volumes.c",
++ [39460].name = "btrfs_map_block",
++ [39460].param3 = 1,
++ [39479].file = "drivers/ide/ide-tape.c",
++ [39479].name = "idetape_chrdev_read",
++ [39479].param3 = 1,
++ [39586].file = "drivers/hv/channel.c",
++ [39586].name = "create_gpadl_header",
++ [39586].param2 = 1,
++ [39638].file = "security/selinux/selinuxfs.c",
++ [39638].name = "sel_write_avc_cache_threshold",
++ [39638].param3 = 1,
++ [39645].file = "drivers/media/dvb/dvb-core/dvbdev.c",
++ [39645].name = "dvb_generic_ioctl",
++ [39645].param2 = 1,
++ [39770].file = "include/linux/mISDNif.h",
++ [39770].name = "mI_alloc_skb",
++ [39770].param1 = 1,
++ [39813].file = "fs/ocfs2/stack_user.c",
++ [39813].name = "ocfs2_control_message",
++ [39813].param3 = 1,
++ [39888].file = "net/core/skbuff.c",
++ [39888].name = "__alloc_skb",
++ [39888].param1 = 1,
++ [39980].file = "net/bluetooth/mgmt.c",
++ [39980].name = "pair_device",
++ [39980].param4 = 1,
++ [40043].file = "drivers/media/video/v4l2-ioctl.c",
++ [40043].name = "video_ioctl2",
++ [40043].param2 = 1,
++ [40049].file = "drivers/bluetooth/btmrvl_debugfs.c",
++ [40049].name = "btmrvl_psmode_write",
++ [40049].param3 = 1,
++ [40075].file = "drivers/media/video/c-qcam.c",
++ [40075].name = "qc_capture",
++ [40075].param3 = 1,
++ [40163].file = "fs/ncpfs/file.c",
++ [40163].name = "ncp_file_write",
++ [40163].param3 = 1,
++ [40240].file = "drivers/char/nvram.c",
++ [40240].name = "nvram_write",
++ [40240].param3 = 1,
++ [40256].file = "drivers/tty/vt/vc_screen.c",
++ [40256].name = "vcs_write",
++ [40256].param3 = 1,
++ [40302].file = "sound/isa/gus/gus_dram.c",
++ [40302].name = "snd_gus_dram_poke",
++ [40302].param4 = 1,
++ [40339].file = "drivers/acpi/apei/hest.c",
++ [40339].name = "hest_ghes_dev_register",
++ [40339].param1 = 1,
++ [40355].file = "drivers/staging/mei/main.c",
++ [40355].name = "mei_write",
++ [40355].param3 = 1,
++ [40373].file = "fs/cifs/cifs_spnego.c",
++ [40373].name = "cifs_spnego_key_instantiate",
++ [40373].param3 = 1,
++ [40519].file = "net/sctp/socket.c",
++ [40519].name = "sctp_setsockopt_events",
++ [40519].param3 = 1,
++ [40694].file = "mm/page_cgroup.c",
++ [40694].name = "alloc_page_cgroup",
++ [40694].param1 = 1,
++ [40731].file = "drivers/tty/tty_io.c",
++ [40731].name = "do_tty_write",
++ [40731].param5 = 1,
++ [40754].file = "fs/btrfs/delayed-inode.c",
++ [40754].name = "btrfs_alloc_delayed_item",
++ [40754].param1 = 1,
++ [40786].file = "net/ipv4/netfilter/nf_nat_snmp_basic.c",
++ [40786].name = "asn1_octets_decode",
++ [40786].param2 = 1,
++ [40901].file = "drivers/block/drbd/drbd_bitmap.c",
++ [40901].name = "drbd_bm_resize",
++ [40901].param2 = 1,
++ [40951].file = "drivers/xen/evtchn.c",
++ [40951].name = "evtchn_read",
++ [40951].param3 = 1,
++ [40952].file = "drivers/misc/sgi-xp/xpc_partition.c",
++ [40952].name = "xpc_kmalloc_cacheline_aligned",
++ [40952].param1 = 1,
++ [41000].file = "sound/core/pcm_native.c",
++ [41000].name = "snd_pcm_aio_read",
++ [41000].param3 = 1,
++ [41005].file = "net/bridge/netfilter/ebtables.c",
++ [41005].name = "copy_counters_to_user",
++ [41005].param5 = 1,
++ [41041].file = "net/core/sock.c",
++ [41041].name = "sock_wmalloc",
++ [41041].param2 = 1,
++ [41122].file = "fs/binfmt_misc.c",
++ [41122].name = "bm_status_write",
++ [41122].param3 = 1,
++ [41176].file = "kernel/trace/trace_events.c",
++ [41176].name = "subsystem_filter_write",
++ [41176].param3 = 1,
++ [41249].file = "drivers/media/video/zr364xx.c",
++ [41249].name = "send_control_msg",
++ [41249].param6 = 1,
++ [41287].file = "drivers/net/ethernet/neterion/vxge/vxge-config.c",
++ [41287].name = "vxge_os_dma_malloc_async",
++ [41287].param3 = 1,
++ [41302].file = "net/dns_resolver/dns_query.c",
++ [41302].name = "dns_query",
++ [41302].param3 = 1,
++ [41408].file = "mm/filemap_xip.c",
++ [41408].name = "__xip_file_write",
++ [41408].param3 = 1,
++ [41547].file = "net/bluetooth/smp.c",
++ [41547].name = "smp_build_cmd",
++ [41547].param3 = 1,
++ [4155].file = "kernel/kexec.c",
++ [4155].name = "do_kimage_alloc",
++ [4155].param3 = 1,
++ [41676].file = "fs/compat.c",
++ [41676].name = "compat_sys_preadv",
++ [41676].param3 = 1,
++ [4167].file = "drivers/media/dvb/frontends/cx24116.c",
++ [4167].name = "cx24116_writeregN",
++ [4167].param4 = 1,
++ [41793].file = "drivers/net/wireless/ath/ath6kl/wmi.c",
++ [41793].name = "ath6kl_wmi_send_mgmt_cmd",
++ [41793].param7 = 1,
++ [41924].file = "security/keys/keyctl.c",
++ [41924].name = "keyctl_get_security",
++ [41924].param3 = 1,
++ [41968].file = "fs/btrfs/volumes.c",
++ [41968].name = "__btrfs_map_block",
++ [41968].param3 = 1,
++ [4202].file = "drivers/edac/edac_mc.c",
++ [4202].name = "edac_mc_alloc",
++ [4202].param1 = 1,
++ [42081].file = "net/econet/af_econet.c",
++ [42081].name = "aun_incoming",
++ [42081].param3 = 1,
++ [42143].file = "drivers/media/video/c-qcam.c",
++ [42143].name = "qcam_read",
++ [42143].param3 = 1,
++ [42206].file = "fs/quota/quota_tree.c",
++ [42206].name = "getdqbuf",
++ [42206].param1 = 1,
++ [42270].file = "net/wireless/scan.c",
++ [42270].name = "cfg80211_inform_bss_frame",
++ [42270].param4 = 1,
++ [42281].file = "include/linux/mISDNif.h",
++ [42281].name = "_queue_data",
++ [42281].param4 = 1,
++ [42420].file = "drivers/net/wireless/hostap/hostap_ioctl.c",
++ [42420].name = "prism2_set_genericelement",
++ [42420].param3 = 1,
++ [42472].file = "fs/compat.c",
++ [42472].name = "compat_readv",
++ [42472].param3 = 1,
++ [42473].file = "net/tipc/name_table.c",
++ [42473].name = "tipc_subseq_alloc",
++ [42473].param1 = 1,
++ [42562].file = "kernel/kfifo.c",
++ [42562].name = "__kfifo_to_user_r",
++ [42562].param3 = 1,
++ [42666].file = "drivers/pcmcia/cistpl.c",
++ [42666].name = "read_cis_cache",
++ [42666].param4 = 1,
++ [42714].file = "drivers/scsi/scsi_tgt_lib.c",
++ [42714].name = "scsi_tgt_copy_sense",
++ [42714].param3 = 1,
++ [42833].file = "kernel/trace/blktrace.c",
++ [42833].name = "blk_msg_write",
++ [42833].param3 = 1,
++ [42857].file = "security/selinux/selinuxfs.c",
++ [42857].name = "sel_write_member",
++ [42857].param3 = 1,
++ [42882].file = "security/keys/user_defined.c",
++ [42882].name = "user_instantiate",
++ [42882].param3 = 1,
++ [42930].file = "net/caif/cfpkt_skbuff.c",
++ [42930].name = "cfpkt_create_pfx",
++ [42930].param1 = 1,
++ [42930].param2 = 1,
++ [43023].file = "drivers/usb/misc/usblcd.c",
++ [43023].name = "lcd_write",
++ [43023].param3 = 1,
++ [43104].file = "drivers/mtd/devices/mtd_dataflash.c",
++ [43104].name = "dataflash_read_user_otp",
++ [43104].param3 = 1,
++ [43133].file = "lib/mpi/mpiutil.c",
++ [43133].name = "mpi_resize",
++ [43133].param2 = 1,
++ [4324].file = "drivers/video/fbmem.c",
++ [4324].name = "fb_read",
++ [4324].param3 = 1,
++ [43266].file = "fs/afs/cell.c",
++ [43266].name = "afs_cell_alloc",
++ [43266].param2 = 1,
++ [4328].file = "drivers/usb/musb/musb_debugfs.c",
++ [4328].name = "musb_test_mode_write",
++ [4328].param3 = 1,
++ [43380].file = "drivers/scsi/bfa/bfad_debugfs.c",
++ [43380].name = "bfad_debugfs_write_regrd",
++ [43380].param3 = 1,
++ [43510].file = "kernel/kexec.c",
++ [43510].name = "compat_sys_kexec_load",
++ [43510].param2 = 1,
++ [43540].file = "include/rdma/ib_verbs.h",
++ [43540].name = "ib_copy_to_udata",
++ [43540].param3 = 1,
++ [4357].file = "security/tomoyo/securityfs_if.c",
++ [4357].name = "tomoyo_read_self",
++ [4357].param3 = 1,
++ [43590].file = "security/smack/smackfs.c",
++ [43590].name = "smk_write_onlycap",
++ [43590].param3 = 1,
++ [43596].file = "drivers/usb/core/buffer.c",
++ [43596].name = "hcd_buffer_alloc",
++ [43596].param2 = 1,
++ [43632].file = "drivers/media/video/videobuf2-core.c",
++ [43632].name = "vb2_read",
++ [43632].param3 = 1,
++ [43659].file = "drivers/firmware/efivars.c",
++ [43659].name = "efivar_create_sysfs_entry",
++ [43659].param2 = 1,
++ [43731].file = "drivers/hid/hid-picolcd.c",
++ [43731].name = "picolcd_debug_eeprom_read",
++ [43731].param3 = 1,
++ [43777].file = "drivers/acpi/acpica/utobject.c",
++ [43777].name = "acpi_ut_create_buffer_object",
++ [43777].param1 = 1,
++ [43798].file = "net/bluetooth/mgmt.c",
++ [43798].name = "set_local_name",
++ [43798].param4 = 1,
++ [4380].file = "drivers/mtd/devices/mtd_dataflash.c",
++ [4380].name = "dataflash_read_fact_otp",
++ [4380].param3 = 1,
++ [43834].file = "security/apparmor/apparmorfs.c",
++ [43834].name = "profile_replace",
++ [43834].param3 = 1,
++ [43895].file = "drivers/media/dvb/ddbridge/ddbridge-core.c",
++ [43895].name = "ddb_output_write",
++ [43895].param3 = 1,
++ [43899].file = "drivers/media/rc/imon.c",
++ [43899].name = "vfd_write",
++ [43899].param3 = 1,
++ [43900].file = "drivers/scsi/cxgbi/libcxgbi.c",
++ [43900].name = "cxgbi_device_portmap_create",
++ [43900].param3 = 1,
++ [43922].file = "drivers/mmc/card/mmc_test.c",
++ [43922].name = "mmc_test_alloc_mem",
++ [43922].param3 = 1,
++ [43946].file = "drivers/net/wireless/ath/ath6kl/txrx.c",
++ [43946].name = "aggr_recv_addba_req_evt",
++ [43946].param4 = 1,
++ [44006].file = "mm/process_vm_access.c",
++ [44006].name = "process_vm_rw_pages",
++ [44006].param5 = 1,
++ [44006].param6 = 1,
++ [44050].file = "fs/nfs/idmap.c",
++ [44050].name = "nfs_map_group_to_gid",
++ [44050].param3 = 1,
++ [44125].file = "fs/ext4/super.c",
++ [44125].name = "ext4_kvmalloc",
++ [44125].param1 = 1,
++ [44266].file = "kernel/cgroup.c",
++ [44266].name = "cgroup_write_string",
++ [44266].param5 = 1,
++ [44290].file = "drivers/net/usb/dm9601.c",
++ [44290].name = "dm_read",
++ [44290].param3 = 1,
++ [44308].file = "crypto/af_alg.c",
++ [44308].name = "alg_setkey",
++ [44308].param3 = 1,
++ [44510].file = "drivers/net/ethernet/broadcom/bnx2.c",
++ [44510].name = "bnx2_nvram_write",
++ [44510].param2 = 1,
++ [44625].file = "net/bluetooth/mgmt.c",
++ [44625].name = "set_connectable",
++ [44625].param4 = 1,
++ [44642].file = "drivers/net/wireless/iwmc3200wifi/commands.c",
++ [44642].name = "iwm_umac_set_config_var",
++ [44642].param4 = 1,
++ [44698].file = "net/sctp/socket.c",
++ [44698].name = "sctp_setsockopt_context",
++ [44698].param3 = 1,
++ [4471].file = "fs/ntfs/malloc.h",
++ [4471].name = "__ntfs_malloc",
++ [4471].param1 = 1,
++ [44773].file = "drivers/staging/vme/devices/vme_user.c",
++ [44773].name = "vme_user_write",
++ [44773].param3 = 1,
++ [44825].file = "drivers/scsi/osd/osd_initiator.c",
++ [44825].name = "_osd_realloc_seg",
++ [44825].param3 = 1,
++ [44852].file = "net/sctp/socket.c",
++ [44852].name = "sctp_setsockopt_rtoinfo",
++ [44852].param3 = 1,
++ [44936].file = "drivers/md/dm-raid.c",
++ [44936].name = "context_alloc",
++ [44936].param3 = 1,
++ [44943].file = "mm/util.c",
++ [44943].name = "kmemdup",
++ [44943].param2 = 1,
++ [44946].file = "net/sctp/socket.c",
++ [44946].name = "sctp_setsockopt_auth_chunk",
++ [44946].param3 = 1,
++ [44990].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c",
++ [44990].name = "pvr2_ioread_set_sync_key",
++ [44990].param3 = 1,
++ [45000].file = "fs/afs/proc.c",
++ [45000].name = "afs_proc_rootcell_write",
++ [45000].param3 = 1,
++ [45117].file = "drivers/staging/winbond/wb35reg.c",
++ [45117].name = "Wb35Reg_BurstWrite",
++ [45117].param4 = 1,
++ [45200].file = "drivers/scsi/scsi_proc.c",
++ [45200].name = "proc_scsi_write_proc",
++ [45200].param3 = 1,
++ [45217].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
++ [45217].name = "iwl_dbgfs_debug_level_write",
++ [45217].param3 = 1,
++ [45233].file = "net/rds/info.c",
++ [45233].name = "rds_info_getsockopt",
++ [45233].param3 = 1,
++ [45326].file = "drivers/mtd/ubi/cdev.c",
++ [45326].name = "vol_cdev_read",
++ [45326].param3 = 1,
++ [45335].file = "fs/read_write.c",
++ [45335].name = "vfs_writev",
++ [45335].param3 = 1,
++ [45366].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c",
++ [45366].name = "init_tid_tabs",
++ [45366].param2 = 1,
++ [45366].param3 = 1,
++ [45366].param4 = 1,
++ [45534].file = "drivers/net/wireless/ath/carl9170/cmd.c",
++ [45534].name = "carl9170_cmd_buf",
++ [45534].param3 = 1,
++ [45576].file = "net/netfilter/xt_recent.c",
++ [45576].name = "recent_mt_proc_write",
++ [45576].param3 = 1,
++ [45583].file = "fs/gfs2/dir.c",
++ [45583].name = "leaf_dealloc",
++ [45583].param3 = 1,
++ [45586].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
++ [45586].name = "rt2x00debug_write_bbp",
++ [45586].param3 = 1,
++ [45629].file = "lib/bch.c",
++ [45629].name = "bch_alloc",
++ [45629].param1 = 1,
++ [45633].file = "drivers/input/evdev.c",
++ [45633].name = "evdev_do_ioctl",
++ [45633].param2 = 1,
++ [45743].file = "drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c",
++ [45743].name = "qlcnic_alloc_msix_entries",
++ [45743].param2 = 1,
++ [45864].file = "drivers/atm/ambassador.c",
++ [45864].name = "create_queues",
++ [45864].param2 = 1,
++ [45864].param3 = 1,
++ [45930].file = "security/apparmor/apparmorfs.c",
++ [45930].name = "profile_remove",
++ [45930].param3 = 1,
++ [45954].file = "drivers/usb/misc/legousbtower.c",
++ [45954].name = "tower_write",
++ [45954].param3 = 1,
++ [46140].file = "sound/core/memalloc.c",
++ [46140].name = "snd_mem_proc_write",
++ [46140].param3 = 1,
++ [4616].file = "net/sunrpc/cache.c",
++ [4616].name = "cache_do_downcall",
++ [4616].param3 = 1,
++ [46243].file = "fs/binfmt_misc.c",
++ [46243].name = "bm_register_write",
++ [46243].param3 = 1,
++ [46250].file = "fs/xattr.c",
++ [46250].name = "sys_getxattr",
++ [46250].param4 = 1,
++ [46343].file = "fs/compat.c",
++ [46343].name = "compat_do_readv_writev",
++ [46343].param4 = 1,
++ [46400].file = "drivers/staging/sep/sep_driver.c",
++ [46400].name = "sep_prepare_input_output_dma_table",
++ [46400].param2 = 1,
++ [46400].param3 = 1,
++ [46400].param4 = 1,
++ [4644].file = "drivers/net/usb/mcs7830.c",
++ [4644].name = "mcs7830_get_reg",
++ [4644].param3 = 1,
++ [46605].file = "sound/core/oss/pcm_oss.c",
++ [46605].name = "snd_pcm_oss_sync1",
++ [46605].param2 = 1,
++ [46630].file = "net/decnet/af_decnet.c",
++ [46630].name = "__dn_setsockopt",
++ [46630].param5 = 1,
++ [46655].file = "drivers/media/video/hdpvr/hdpvr-video.c",
++ [46655].name = "hdpvr_read",
++ [46655].param3 = 1,
++ [46685].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c",
++ [46685].name = "ttm_bo_fbdev_io",
++ [46685].param4 = 1,
++ [46742].file = "drivers/scsi/st.c",
++ [46742].name = "sgl_map_user_pages",
++ [46742].param2 = 1,
++ [46881].file = "drivers/char/lp.c",
++ [46881].name = "lp_write",
++ [46881].param3 = 1,
++ [47130].file = "kernel/kfifo.c",
++ [47130].name = "kfifo_copy_to_user",
++ [47130].param3 = 1,
++ [47265].file = "drivers/scsi/bnx2fc/bnx2fc_io.c",
++ [47265].name = "bnx2fc_cmd_mgr_alloc",
++ [47265].param2 = 1,
++ [47265].param3 = 1,
++ [47309].file = "drivers/scsi/aic94xx/aic94xx_init.c",
++ [47309].name = "asd_store_update_bios",
++ [47309].param4 = 1,
++ [47342].file = "fs/proc/base.c",
++ [47342].name = "sched_autogroup_write",
++ [47342].param3 = 1,
++ [47363].file = "drivers/input/evdev.c",
++ [47363].name = "evdev_ioctl_handler",
++ [47363].param2 = 1,
++ [47385].file = "drivers/net/wireless/zd1211rw/zd_usb.c",
++ [47385].name = "zd_usb_iowrite16v",
++ [47385].param3 = 1,
++ [4738].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [4738].name = "ath6kl_set_ap_probe_resp_ies",
++ [4738].param3 = 1,
++ [47393].file = "drivers/net/wireless/ath/main.c",
++ [47393].name = "ath_rxbuf_alloc",
++ [47393].param2 = 1,
++ [47463].file = "fs/xfs/kmem.c",
++ [47463].name = "kmem_zalloc",
++ [47463].param1 = 1,
++ [47474].file = "kernel/trace/trace.c",
++ [47474].name = "tracing_buffers_read",
++ [47474].param3 = 1,
++ [47636].file = "drivers/usb/class/usblp.c",
++ [47636].name = "usblp_ioctl",
++ [47636].param2 = 1,
++ [47637].file = "drivers/block/cciss.c",
++ [47637].name = "cciss_proc_write",
++ [47637].param3 = 1,
++ [47712].file = "net/sctp/socket.c",
++ [47712].name = "sctp_setsockopt_maxburst",
++ [47712].param3 = 1,
++ [47728].file = "drivers/char/agp/isoch.c",
++ [47728].name = "agp_3_5_isochronous_node_enable",
++ [47728].param3 = 1,
++ [4779].file = "fs/pipe.c",
++ [4779].name = "pipe_set_size",
++ [4779].param2 = 1,
++ [47881].file = "security/selinux/selinuxfs.c",
++ [47881].name = "sel_write_disable",
++ [47881].param3 = 1,
++ [48111].file = "net/wireless/sme.c",
++ [48111].name = "cfg80211_roamed_bss",
++ [48111].param4 = 1,
++ [48111].param6 = 1,
++ [48124].file = "drivers/net/wireless/iwmc3200wifi/main.c",
++ [48124].name = "iwm_notif_send",
++ [48124].param6 = 1,
++ [48155].file = "net/sctp/sm_make_chunk.c",
++ [48155].name = "sctp_make_abort_user",
++ [48155].param3 = 1,
++ [48182].file = "crypto/cryptd.c",
++ [48182].name = "cryptd_alloc_instance",
++ [48182].param2 = 1,
++ [48182].param3 = 1,
++ [48248].file = "security/keys/keyctl.c",
++ [48248].name = "keyctl_instantiate_key",
++ [48248].param3 = 1,
++ [4829].file = "drivers/block/floppy.c",
++ [4829].name = "fd_copyout",
++ [4829].param3 = 1,
++ [48632].file = "net/bluetooth/l2cap_core.c",
++ [48632].name = "l2cap_build_cmd",
++ [48632].param4 = 1,
++ [48642].file = "fs/hugetlbfs/inode.c",
++ [48642].name = "hugetlbfs_read",
++ [48642].param3 = 1,
++ [48720].file = "drivers/gpu/drm/i915/i915_debugfs.c",
++ [48720].name = "i915_max_freq_write",
++ [48720].param3 = 1,
++ [48768].file = "net/irda/irnet/irnet_ppp.c",
++ [48768].name = "dev_irnet_write",
++ [48768].param3 = 1,
++ [48818].file = "net/sunrpc/svc.c",
++ [48818].name = "svc_pool_map_alloc_arrays",
++ [48818].param2 = 1,
++ [48856].file = "drivers/acpi/acpica/utalloc.c",
++ [48856].name = "acpi_ut_initialize_buffer",
++ [48856].param2 = 1,
++ [48862].file = "net/sctp/socket.c",
++ [48862].name = "sctp_setsockopt_adaptation_layer",
++ [48862].param3 = 1,
++ [49126].file = "lib/prio_heap.c",
++ [49126].name = "heap_init",
++ [49126].param2 = 1,
++ [49143].file = "sound/core/oss/pcm_oss.c",
++ [49143].name = "snd_pcm_oss_write2",
++ [49143].param3 = 1,
++ [49216].file = "fs/read_write.c",
++ [49216].name = "do_readv_writev",
++ [49216].param4 = 1,
++ [49426].file = "net/bluetooth/l2cap_sock.c",
++ [49426].name = "l2cap_sock_setsockopt_old",
++ [49426].param4 = 1,
++ [49448].file = "drivers/isdn/gigaset/common.c",
++ [49448].name = "gigaset_initdriver",
++ [49448].param2 = 1,
++ [49494].file = "drivers/virtio/virtio_ring.c",
++ [49494].name = "vring_new_virtqueue",
++ [49494].param1 = 1,
++ [49499].file = "drivers/block/nvme.c",
++ [49499].name = "nvme_alloc_iod",
++ [49499].param1 = 1,
++ [49510].file = "net/sctp/socket.c",
++ [49510].name = "sctp_setsockopt_autoclose",
++ [49510].param3 = 1,
++ [4958].file = "drivers/net/wireless/p54/fwio.c",
++ [4958].name = "p54_alloc_skb",
++ [4958].param3 = 1,
++ [49604].file = "crypto/af_alg.c",
++ [49604].name = "alg_setsockopt",
++ [49604].param5 = 1,
++ [49646].file = "drivers/tty/vt/vt.c",
++ [49646].name = "vc_resize",
++ [49646].param2 = 1,
++ [49646].param3 = 1,
++ [49658].file = "drivers/net/wireless/brcm80211/brcmsmac/dma.c",
++ [49658].name = "dma_attach",
++ [49658].param6 = 1,
++ [49658].param7 = 1,
++ [49663].file = "drivers/media/video/uvc/uvc_driver.c",
++ [49663].name = "uvc_simplify_fraction",
++ [49663].param3 = 1,
++ [49746].file = "net/ipv4/netfilter/arp_tables.c",
++ [49746].name = "compat_do_arpt_set_ctl",
++ [49746].param4 = 1,
++ [49780].file = "net/mac80211/key.c",
++ [49780].name = "ieee80211_key_alloc",
++ [49780].param3 = 1,
++ [49805].file = "drivers/pci/pci.c",
++ [49805].name = "pci_add_cap_save_buffer",
++ [49805].param3 = 1,
++ [49845].file = "mm/vmalloc.c",
++ [49845].name = "__vmalloc_node",
++ [49845].param1 = 1,
++ [49929].file = "drivers/mtd/ubi/cdev.c",
++ [49929].name = "vol_cdev_direct_write",
++ [49929].param3 = 1,
++ [49935].file = "fs/xfs/kmem.c",
++ [49935].name = "kmem_zalloc_greedy",
++ [49935].param2 = 1,
++ [49935].param3 = 1,
++ [49].file = "net/atm/svc.c",
++ [49].name = "svc_setsockopt",
++ [49].param5 = 1,
++ [50518].file = "drivers/gpu/drm/nouveau/nouveau_gem.c",
++ [50518].name = "u_memcpya",
++ [50518].param2 = 1,
++ [50518].param3 = 1,
++ [5052].file = "drivers/char/ppdev.c",
++ [5052].name = "pp_read",
++ [5052].param3 = 1,
++ [50562].file = "drivers/media/video/zoran/zoran_procfs.c",
++ [50562].name = "zoran_write",
++ [50562].param3 = 1,
++ [50617].file = "fs/hugetlbfs/inode.c",
++ [50617].name = "hugetlbfs_read_actor",
++ [50617].param2 = 1,
++ [50617].param4 = 1,
++ [50617].param5 = 1,
++ [50692].file = "lib/ts_bm.c",
++ [50692].name = "bm_init",
++ [50692].param2 = 1,
++ [50813].file = "mm/vmalloc.c",
++ [50813].name = "__vmalloc_node_flags",
++ [50813].param1 = 1,
++ [5087].file = "drivers/atm/solos-pci.c",
++ [5087].name = "console_store",
++ [5087].param4 = 1,
++ [5102].file = "drivers/usb/misc/usbtest.c",
++ [5102].name = "usbtest_alloc_urb",
++ [5102].param3 = 1,
++ [5102].param5 = 1,
++ [51061].file = "net/bluetooth/mgmt.c",
++ [51061].name = "pin_code_reply",
++ [51061].param4 = 1,
++ [51139].file = "fs/pipe.c",
++ [51139].name = "pipe_iov_copy_to_user",
++ [51139].param3 = 1,
++ [51177].file = "net/sunrpc/xprtrdma/transport.c",
++ [51177].name = "xprt_rdma_allocate",
++ [51177].param2 = 1,
++ [51182].file = "drivers/misc/sgi-xp/xpc_main.c",
++ [51182].name = "xpc_kzalloc_cacheline_aligned",
++ [51182].param1 = 1,
++ [51250].file = "fs/read_write.c",
++ [51250].name = "rw_copy_check_uvector",
++ [51250].param3 = 1,
++ [51253].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
++ [51253].name = "rt2x00debug_write_eeprom",
++ [51253].param3 = 1,
++ [51323].file = "sound/pci/ac97/ac97_pcm.c",
++ [51323].name = "snd_ac97_pcm_assign",
++ [51323].param2 = 1,
++ [51340].file = "drivers/usb/class/usblp.c",
++ [51340].name = "usblp_write",
++ [51340].param3 = 1,
++ [51499].file = "net/802/garp.c",
++ [51499].name = "garp_attr_create",
++ [51499].param3 = 1,
++ [51842].file = "drivers/hid/hid-core.c",
++ [51842].name = "hid_register_field",
++ [51842].param2 = 1,
++ [51842].param3 = 1,
++ [5197].file = "net/core/dev.c",
++ [5197].name = "dev_set_alias",
++ [5197].param3 = 1,
++ [5204].file = "drivers/media/video/usbvision/usbvision-video.c",
++ [5204].name = "usbvision_v4l2_read",
++ [5204].param3 = 1,
++ [5206].file = "drivers/media/dvb/ttpci/av7110_v4l.c",
++ [5206].name = "av7110_vbi_write",
++ [5206].param3 = 1,
++ [52086].file = "drivers/usb/image/mdc800.c",
++ [52086].name = "mdc800_device_read",
++ [52086].param3 = 1,
++ [52099].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
++ [52099].name = "do_surface_dirty_sou",
++ [52099].param7 = 1,
++ [52172].file = "drivers/pcmcia/cistpl.c",
++ [52172].name = "pccard_store_cis",
++ [52172].param6 = 1,
++ [52173].file = "drivers/misc/ibmasm/ibmasmfs.c",
++ [52173].name = "remote_settings_file_write",
++ [52173].param3 = 1,
++ [52199].file = "mm/nobootmem.c",
++ [52199].name = "__alloc_bootmem",
++ [52199].param1 = 1,
++ [52343].file = "drivers/usb/misc/adutux.c",
++ [52343].name = "adu_read",
++ [52343].param3 = 1,
++ [52401].file = "drivers/staging/rtl8712/rtl871x_ioctl_linux.c",
++ [52401].name = "r871x_set_wpa_ie",
++ [52401].param3 = 1,
++ [52699].file = "lib/ts_fsm.c",
++ [52699].name = "fsm_init",
++ [52699].param2 = 1,
++ [52721].file = "security/keys/encrypted-keys/encrypted.c",
++ [52721].name = "encrypted_instantiate",
++ [52721].param3 = 1,
++ [52902].file = "fs/xfs/kmem.h",
++ [52902].name = "kmem_zalloc_large",
++ [52902].param1 = 1,
++ [52950].file = "net/bluetooth/mgmt.c",
++ [52950].name = "set_discoverable",
++ [52950].param4 = 1,
++ [53041].file = "fs/libfs.c",
++ [53041].name = "simple_transaction_get",
++ [53041].param3 = 1,
++ [5313].file = "fs/gfs2/quota.c",
++ [5313].name = "do_sync",
++ [5313].param1 = 1,
++ [53209].file = "drivers/usb/host/ehci-sched.c",
++ [53209].name = "iso_sched_alloc",
++ [53209].param1 = 1,
++ [53302].file = "drivers/firewire/core-cdev.c",
++ [53302].name = "dispatch_ioctl",
++ [53302].param2 = 1,
++ [53355].file = "fs/ceph/dir.c",
++ [53355].name = "ceph_read_dir",
++ [53355].param3 = 1,
++ [53405].file = "drivers/media/video/videobuf-core.c",
++ [53405].name = "__videobuf_copy_to_user",
++ [53405].param4 = 1,
++ [53407].file = "net/wireless/sme.c",
++ [53407].name = "cfg80211_connect_result",
++ [53407].param4 = 1,
++ [53407].param6 = 1,
++ [53426].file = "fs/libfs.c",
++ [53426].name = "simple_transaction_read",
++ [53426].param3 = 1,
++ [5344].file = "security/selinux/ss/hashtab.c",
++ [5344].name = "hashtab_create",
++ [5344].param3 = 1,
++ [53513].file = "drivers/mmc/core/mmc_ops.c",
++ [53513].name = "mmc_send_bus_test",
++ [53513].param4 = 1,
++ [53626].file = "drivers/block/paride/pg.c",
++ [53626].name = "pg_read",
++ [53626].param3 = 1,
++ [53631].file = "mm/util.c",
++ [53631].name = "memdup_user",
++ [53631].param2 = 1,
++ [53674].file = "drivers/media/dvb/ttpci/av7110_ca.c",
++ [53674].name = "ci_ll_write",
++ [53674].param4 = 1,
++ [5389].file = "drivers/infiniband/core/uverbs_cmd.c",
++ [5389].name = "ib_uverbs_unmarshall_recv",
++ [5389].param5 = 1,
++ [53901].file = "net/rds/message.c",
++ [53901].name = "rds_message_alloc",
++ [53901].param1 = 1,
++ [53902].file = "net/sctp/socket.c",
++ [53902].name = "sctp_setsockopt_initmsg",
++ [53902].param3 = 1,
++ [5410].file = "kernel/kexec.c",
++ [5410].name = "sys_kexec_load",
++ [5410].param2 = 1,
++ [54172].file = "net/nfc/core.c",
++ [54172].name = "nfc_alloc_recv_skb",
++ [54172].param1 = 1,
++ [54182].file = "drivers/block/rbd.c",
++ [54182].name = "rbd_snap_add",
++ [54182].param4 = 1,
++ [54201].file = "drivers/platform/x86/asus_acpi.c",
++ [54201].name = "mled_proc_write",
++ [54201].param3 = 1,
++ [54263].file = "security/keys/trusted.c",
++ [54263].name = "trusted_instantiate",
++ [54263].param3 = 1,
++ [54296].file = "include/linux/mISDNif.h",
++ [54296].name = "_alloc_mISDN_skb",
++ [54296].param3 = 1,
++ [54298].file = "drivers/usb/wusbcore/crypto.c",
++ [54298].name = "wusb_ccm_mac",
++ [54298].param7 = 1,
++ [54318].file = "include/drm/drm_mem_util.h",
++ [54318].name = "drm_malloc_ab",
++ [54318].param1 = 1,
++ [54318].param2 = 1,
++ [54335].file = "drivers/md/dm-table.c",
++ [54335].name = "dm_vcalloc",
++ [54335].param1 = 1,
++ [54335].param2 = 1,
++ [54338].file = "fs/ntfs/malloc.h",
++ [54338].name = "ntfs_malloc_nofs",
++ [54338].param1 = 1,
++ [54339].file = "security/smack/smackfs.c",
++ [54339].name = "smk_write_cipso",
++ [54339].param3 = 1,
++ [54369].file = "drivers/usb/storage/realtek_cr.c",
++ [54369].name = "rts51x_read_mem",
++ [54369].param4 = 1,
++ [5438].file = "sound/core/memory.c",
++ [5438].name = "copy_to_user_fromio",
++ [5438].param3 = 1,
++ [54401].file = "lib/dynamic_debug.c",
++ [54401].name = "ddebug_proc_write",
++ [54401].param3 = 1,
++ [54467].file = "net/packet/af_packet.c",
++ [54467].name = "packet_setsockopt",
++ [54467].param5 = 1,
++ [54573].file = "ipc/sem.c",
++ [54573].name = "sys_semop",
++ [54573].param3 = 1,
++ [54583].file = "net/sctp/socket.c",
++ [54583].name = "sctp_setsockopt_peer_addr_params",
++ [54583].param3 = 1,
++ [54643].file = "drivers/isdn/hardware/eicon/divasi.c",
++ [54643].name = "um_idi_write",
++ [54643].param3 = 1,
++ [54657].file = "mm/migrate.c",
++ [54657].name = "do_pages_stat",
++ [54657].param2 = 1,
++ [54663].file = "drivers/isdn/hardware/eicon/platform.h",
++ [54663].name = "diva_os_malloc",
++ [54663].param2 = 1,
++ [54701].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [54701].name = "altera_swap_ir",
++ [54701].param2 = 1,
++ [54751].file = "drivers/infiniband/core/device.c",
++ [54751].name = "ib_alloc_device",
++ [54751].param1 = 1,
++ [54771].file = "drivers/isdn/mISDN/socket.c",
++ [54771].name = "_l2_alloc_skb",
++ [54771].param1 = 1,
++ [54777].file = "drivers/net/wireless/ath/ath6kl/debug.c",
++ [54777].name = "ath6kl_debug_roam_tbl_event",
++ [54777].param3 = 1,
++ [54806].file = "drivers/scsi/lpfc/lpfc_debugfs.c",
++ [54806].name = "lpfc_debugfs_dif_err_write",
++ [54806].param3 = 1,
++ [5494].file = "fs/cifs/cifsacl.c",
++ [5494].name = "cifs_idmap_key_instantiate",
++ [5494].param3 = 1,
++ [55066].file = "net/ipv6/ipv6_sockglue.c",
++ [55066].name = "do_ipv6_setsockopt",
++ [55066].param5 = 1,
++ [55105].file = "drivers/base/devres.c",
++ [55105].name = "devres_alloc",
++ [55105].param2 = 1,
++ [55115].file = "net/sctp/probe.c",
++ [55115].name = "sctpprobe_read",
++ [55115].param3 = 1,
++ [55155].file = "net/bluetooth/rfcomm/sock.c",
++ [55155].name = "rfcomm_sock_setsockopt",
++ [55155].param5 = 1,
++ [55187].file = "security/keys/keyctl.c",
++ [55187].name = "keyctl_describe_key",
++ [55187].param3 = 1,
++ [55253].file = "drivers/net/wireless/ray_cs.c",
++ [55253].name = "ray_cs_essid_proc_write",
++ [55253].param3 = 1,
++ [55341].file = "drivers/staging/sep/sep_driver.c",
++ [55341].name = "sep_prepare_input_output_dma_table_in_dcb",
++ [55341].param4 = 1,
++ [55341].param5 = 1,
++ [55417].file = "drivers/hv/channel.c",
++ [55417].name = "vmbus_open",
++ [55417].param2 = 1,
++ [55417].param3 = 1,
++ [5548].file = "drivers/media/media-entity.c",
++ [5548].name = "media_entity_init",
++ [5548].param2 = 1,
++ [5548].param4 = 1,
++ [55546].file = "drivers/spi/spi.c",
++ [55546].name = "spi_alloc_master",
++ [55546].param2 = 1,
++ [55580].file = "drivers/usb/mon/mon_bin.c",
++ [55580].name = "copy_from_buf",
++ [55580].param2 = 1,
++ [55584].file = "drivers/tty/tty_buffer.c",
++ [55584].name = "tty_buffer_alloc",
++ [55584].param2 = 1,
++ [55712].file = "drivers/char/mem.c",
++ [55712].name = "read_zero",
++ [55712].param3 = 1,
++ [55727].file = "drivers/media/video/stk-webcam.c",
++ [55727].name = "stk_prepare_sio_buffers",
++ [55727].param2 = 1,
++ [55816].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [55816].name = "altera_set_ir_pre",
++ [55816].param2 = 1,
++ [55826].file = "drivers/infiniband/hw/ipath/ipath_file_ops.c",
++ [55826].name = "ipath_get_base_info",
++ [55826].param3 = 1,
++ [5586].file = "net/atm/common.c",
++ [5586].name = "alloc_tx",
++ [5586].param2 = 1,
++ [55978].file = "drivers/usb/misc/iowarrior.c",
++ [55978].name = "iowarrior_write",
++ [55978].param3 = 1,
++ [56170].file = "drivers/usb/wusbcore/wa-xfer.c",
++ [56170].name = "__wa_xfer_setup_segs",
++ [56170].param2 = 1,
++ [56199].file = "fs/binfmt_misc.c",
++ [56199].name = "parse_command",
++ [56199].param2 = 1,
++ [56218].file = "drivers/mmc/card/mmc_test.c",
++ [56218].name = "mtf_test_write",
++ [56218].param3 = 1,
++ [56239].file = "fs/sysfs/file.c",
++ [56239].name = "fill_write_buffer",
++ [56239].param3 = 1,
++ [5624].file = "drivers/net/wireless/ath/ath9k/wmi.c",
++ [5624].name = "ath9k_wmi_cmd",
++ [5624].param4 = 1,
++ [56416].file = "drivers/misc/lkdtm.c",
++ [56416].name = "do_register_entry",
++ [56416].param4 = 1,
++ [56458].file = "drivers/usb/host/hwa-hc.c",
++ [56458].name = "__hwahc_op_set_ptk",
++ [56458].param5 = 1,
++ [56471].file = "include/linux/slab.h",
++ [56471].name = "kcalloc",
++ [56471].param1 = 1,
++ [56471].param2 = 1,
++ [56513].file = "fs/cifs/connect.c",
++ [56513].name = "cifs_readv_from_socket",
++ [56513].param3 = 1,
++ [56531].file = "net/bluetooth/l2cap_core.c",
++ [56531].name = "l2cap_send_cmd",
++ [56531].param4 = 1,
++ [56544].file = "drivers/block/drbd/drbd_receiver.c",
++ [56544].name = "receive_DataRequest",
++ [56544].param3 = 1,
++ [56609].file = "lib/mpi/mpi-internal.h",
++ [56609].name = "RESIZE_IF_NEEDED",
++ [56609].param2 = 1,
++ [56652].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [56652].name = "altera_set_dr_post",
++ [56652].param2 = 1,
++ [56653].file = "net/irda/af_irda.c",
++ [56653].name = "irda_setsockopt",
++ [56653].param5 = 1,
++ [56672].file = "drivers/char/agp/generic.c",
++ [56672].name = "agp_alloc_page_array",
++ [56672].param1 = 1,
++ [56798].file = "fs/bio.c",
++ [56798].name = "bio_alloc_map_data",
++ [56798].param2 = 1,
++ [56843].file = "drivers/scsi/scsi_transport_iscsi.c",
++ [56843].name = "iscsi_recv_pdu",
++ [56843].param4 = 1,
++ [56903].file = "drivers/mtd/mtdchar.c",
++ [56903].name = "mtdchar_readoob",
++ [56903].param4 = 1,
++ [5699].file = "net/sctp/socket.c",
++ [5699].name = "sctp_setsockopt_default_send_param",
++ [5699].param3 = 1,
++ [5704].file = "drivers/mtd/mtdswap.c",
++ [5704].name = "mtdswap_init",
++ [5704].param2 = 1,
++ [57128].file = "drivers/pnp/pnpbios/proc.c",
++ [57128].name = "pnpbios_proc_write",
++ [57128].param3 = 1,
++ [57190].file = "drivers/char/agp/generic.c",
++ [57190].name = "agp_generic_alloc_user",
++ [57190].param1 = 1,
++ [57252].file = "drivers/media/dvb/dvb-core/dmxdev.c",
++ [57252].name = "dvb_dmxdev_set_buffer_size",
++ [57252].param2 = 1,
++ [57392].file = "drivers/block/aoe/aoecmd.c",
++ [57392].name = "new_skb",
++ [57392].param1 = 1,
++ [57471].file = "drivers/media/video/sn9c102/sn9c102_core.c",
++ [57471].name = "sn9c102_read",
++ [57471].param3 = 1,
++ [57547].file = "security/keys/encrypted-keys/encrypted.c",
++ [57547].name = "get_derived_key",
++ [57547].param4 = 1,
++ [57552].file = "net/sunrpc/cache.c",
++ [57552].name = "cache_slow_downcall",
++ [57552].param2 = 1,
++ [57670].file = "drivers/bluetooth/btmrvl_debugfs.c",
++ [57670].name = "btmrvl_pscmd_write",
++ [57670].param3 = 1,
++ [57710].file = "include/linux/usb/wusb.h",
++ [57710].name = "wusb_prf_256",
++ [57710].param7 = 1,
++ [57724].file = "net/bluetooth/hci_sock.c",
++ [57724].name = "hci_sock_setsockopt",
++ [57724].param5 = 1,
++ [57761].file = "kernel/kexec.c",
++ [57761].name = "kimage_crash_alloc",
++ [57761].param3 = 1,
++ [57786].file = "net/ipv6/netfilter/ip6_tables.c",
++ [57786].name = "compat_do_ip6t_set_ctl",
++ [57786].param4 = 1,
++ [57872].file = "fs/ceph/xattr.c",
++ [57872].name = "ceph_setxattr",
++ [57872].param4 = 1,
++ [57927].file = "fs/read_write.c",
++ [57927].name = "sys_preadv",
++ [57927].param3 = 1,
++ [58012].file = "include/net/bluetooth/bluetooth.h",
++ [58012].name = "bt_skb_alloc",
++ [58012].param1 = 1,
++ [58020].file = "drivers/firewire/core-cdev.c",
++ [58020].name = "fw_device_op_ioctl",
++ [58020].param2 = 1,
++ [58043].file = "kernel/auditfilter.c",
++ [58043].name = "audit_unpack_string",
++ [58043].param3 = 1,
++ [58087].file = "kernel/module.c",
++ [58087].name = "module_alloc_update_bounds_rw",
++ [58087].param1 = 1,
++ [58124].file = "drivers/usb/misc/usbtest.c",
++ [58124].name = "ctrl_out",
++ [58124].param3 = 1,
++ [58124].param5 = 1,
++ [58217].file = "net/sctp/socket.c",
++ [58217].name = "sctp_setsockopt_peer_primary_addr",
++ [58217].param3 = 1,
++ [58263].file = "security/keys/keyring.c",
++ [58263].name = "keyring_read",
++ [58263].param3 = 1,
++ [5830].file = "drivers/gpu/vga/vga_switcheroo.c",
++ [5830].name = "vga_switcheroo_debugfs_write",
++ [5830].param3 = 1,
++ [58320].file = "drivers/scsi/scsi_proc.c",
++ [58320].name = "proc_scsi_write",
++ [58320].param3 = 1,
++ [58344].file = "net/sunrpc/cache.c",
++ [58344].name = "read_flush",
++ [58344].param3 = 1,
++ [58379].file = "mm/nobootmem.c",
++ [58379].name = "__alloc_bootmem_node",
++ [58379].param2 = 1,
++ [58597].file = "kernel/kfifo.c",
++ [58597].name = "__kfifo_to_user",
++ [58597].param3 = 1,
++ [58641].file = "drivers/usb/misc/adutux.c",
++ [58641].name = "adu_write",
++ [58641].param3 = 1,
++ [58709].file = "fs/compat.c",
++ [58709].name = "compat_sys_pwritev",
++ [58709].param3 = 1,
++ [58769].file = "drivers/net/wireless/zd1211rw/zd_usb.c",
++ [58769].name = "zd_usb_read_fw",
++ [58769].param4 = 1,
++ [5876].file = "drivers/net/ppp/ppp_generic.c",
++ [5876].name = "ppp_write",
++ [5876].param3 = 1,
++ [58826].file = "net/sunrpc/xprt.c",
++ [58826].name = "xprt_alloc",
++ [58826].param2 = 1,
++ [58865].file = "include/linux/slub_def.h",
++ [58865].name = "kmalloc_order_trace",
++ [58865].param1 = 1,
++ [58867].file = "drivers/platform/x86/asus_acpi.c",
++ [58867].name = "wled_proc_write",
++ [58867].param3 = 1,
++ [58888].file = "fs/xattr.c",
++ [58888].name = "listxattr",
++ [58888].param3 = 1,
++ [58889].file = "kernel/trace/trace_kprobe.c",
++ [58889].name = "probes_write",
++ [58889].param3 = 1,
++ [58912].file = "drivers/lguest/core.c",
++ [58912].name = "__lgwrite",
++ [58912].param4 = 1,
++ [58918].file = "sound/core/pcm_native.c",
++ [58918].name = "snd_pcm_aio_write",
++ [58918].param3 = 1,
++ [58942].file = "drivers/block/aoe/aoedev.c",
++ [58942].name = "aoedev_flush",
++ [58942].param2 = 1,
++ [58958].file = "fs/fuse/control.c",
++ [58958].name = "fuse_conn_limit_write",
++ [58958].param3 = 1,
++ [59005].file = "drivers/staging/sep/sep_driver.c",
++ [59005].name = "sep_prepare_input_dma_table",
++ [59005].param2 = 1,
++ [59005].param3 = 1,
++ [59013].file = "fs/xfs/xfs_ioctl.c",
++ [59013].name = "xfs_handle_to_dentry",
++ [59013].param3 = 1,
++ [59034].file = "drivers/acpi/acpica/dsobject.c",
++ [59034].name = "acpi_ds_build_internal_package_obj",
++ [59034].param3 = 1,
++ [59073].file = "drivers/staging/speakup/i18n.c",
++ [59073].name = "msg_set",
++ [59073].param3 = 1,
++ [59074].file = "drivers/scsi/cxgbi/libcxgbi.c",
++ [59074].name = "ddp_make_gl",
++ [59074].param1 = 1,
++ [59297].file = "drivers/media/dvb/ttpci/av7110_av.c",
++ [59297].name = "dvb_play",
++ [59297].param3 = 1,
++ [59472].file = "drivers/misc/ibmasm/ibmasmfs.c",
++ [59472].name = "command_file_write",
++ [59472].param3 = 1,
++ [59504].file = "fs/exofs/super.c",
++ [59504].name = "__alloc_dev_table",
++ [59504].param2 = 1,
++ [59505].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c",
++ [59505].name = "pvr2_ioread_read",
++ [59505].param3 = 1,
++ [59681].file = "fs/xfs/kmem.c",
++ [59681].name = "kmem_alloc",
++ [59681].param1 = 1,
++ [5968].file = "net/sunrpc/sched.c",
++ [5968].name = "rpc_malloc",
++ [5968].param2 = 1,
++ [59695].file = "net/ipv4/netfilter/ipt_ULOG.c",
++ [59695].name = "ulog_alloc_skb",
++ [59695].param1 = 1,
++ [59838].file = "net/netlink/af_netlink.c",
++ [59838].name = "nl_pid_hash_zalloc",
++ [59838].param1 = 1,
++ [59856].file = "drivers/base/devres.c",
++ [59856].name = "devm_kzalloc",
++ [59856].param2 = 1,
++ [60066].file = "mm/filemap.c",
++ [60066].name = "iov_iter_copy_from_user",
++ [60066].param4 = 1,
++ [60185].file = "kernel/params.c",
++ [60185].name = "kmalloc_parameter",
++ [60185].param1 = 1,
++ [60198].file = "fs/nfs/nfs4proc.c",
++ [60198].name = "nfs4_write_cached_acl",
++ [60198].param3 = 1,
++ [60330].file = "drivers/media/video/w9966.c",
++ [60330].name = "w9966_v4l_read",
++ [60330].param3 = 1,
++ [604].file = "drivers/staging/rtl8712/usb_ops_linux.c",
++ [604].name = "r8712_usbctrl_vendorreq",
++ [604].param6 = 1,
++ [60543].file = "drivers/usb/class/usbtmc.c",
++ [60543].name = "usbtmc_read",
++ [60543].param3 = 1,
++ [60683].file = "sound/drivers/opl4/opl4_proc.c",
++ [60683].name = "snd_opl4_mem_proc_write",
++ [60683].param5 = 1,
++ [60693].file = "drivers/misc/hpilo.c",
++ [60693].name = "ilo_read",
++ [60693].param3 = 1,
++ [60744].file = "sound/pci/emu10k1/emuproc.c",
++ [60744].name = "snd_emu10k1_fx8010_read",
++ [60744].param5 = 1,
++ [60777].file = "fs/ntfs/malloc.h",
++ [60777].name = "ntfs_malloc_nofs_nofail",
++ [60777].param1 = 1,
++ [60833].file = "drivers/block/aoe/aoenet.c",
++ [60833].name = "set_aoe_iflist",
++ [60833].param2 = 1,
++ [60882].file = "drivers/input/joydev.c",
++ [60882].name = "joydev_compat_ioctl",
++ [60882].param2 = 1,
++ [60891].file = "kernel/sched/core.c",
++ [60891].name = "sys_sched_setaffinity",
++ [60891].param2 = 1,
++ [60920].file = "drivers/infiniband/hw/qib/qib_file_ops.c",
++ [60920].name = "qib_get_base_info",
++ [60920].param3 = 1,
++ [60928].file = "drivers/staging/bcm/Bcmchar.c",
++ [60928].name = "bcm_char_read",
++ [60928].param3 = 1,
++ [61122].file = "drivers/base/devres.c",
++ [61122].name = "alloc_dr",
++ [61122].param2 = 1,
++ [61254].file = "drivers/scsi/scsi_devinfo.c",
++ [61254].name = "proc_scsi_devinfo_write",
++ [61254].param3 = 1,
++ [61283].file = "drivers/net/wireless/ath/ath6kl/debug.c",
++ [61283].name = "ath6kl_fwlog_read",
++ [61283].param3 = 1,
++ [61289].file = "security/apparmor/apparmorfs.c",
++ [61289].name = "aa_simple_write_to_buffer",
++ [61289].param4 = 1,
++ [61389].file = "include/linux/slab.h",
++ [61389].name = "kzalloc_node",
++ [61389].param1 = 1,
++ [61441].file = "fs/ntfs/file.c",
++ [61441].name = "ntfs_copy_from_user_iovec",
++ [61441].param3 = 1,
++ [61441].param6 = 1,
++ [61552].file = "drivers/input/evdev.c",
++ [61552].name = "str_to_user",
++ [61552].param2 = 1,
++ [61673].file = "security/keys/trusted.c",
++ [61673].name = "trusted_update",
++ [61673].param3 = 1,
++ [61676].file = "kernel/module.c",
++ [61676].name = "module_alloc_update_bounds_rx",
++ [61676].param1 = 1,
++ [61684].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c",
++ [61684].name = "cxgb3_get_cpl_reply_skb",
++ [61684].param2 = 1,
++ [6173].file = "net/netlink/af_netlink.c",
++ [6173].name = "netlink_sendmsg",
++ [6173].param4 = 1,
++ [61770].file = "drivers/media/video/et61x251/et61x251_core.c",
++ [61770].name = "et61x251_read",
++ [61770].param3 = 1,
++ [61772].file = "fs/exofs/ore_raid.c",
++ [61772].name = "_sp2d_alloc",
++ [61772].param1 = 1,
++ [61772].param2 = 1,
++ [61772].param3 = 1,
++ [61926].file = "drivers/media/dvb/ddbridge/ddbridge-core.c",
++ [61926].name = "ddb_input_read",
++ [61926].param3 = 1,
++ [61932].file = "drivers/message/fusion/mptctl.c",
++ [61932].name = "__mptctl_ioctl",
++ [61932].param2 = 1,
++ [61966].file = "fs/nfs/nfs4proc.c",
++ [61966].name = "nfs4_alloc_slots",
++ [61966].param1 = 1,
++ [62081].file = "drivers/net/irda/vlsi_ir.c",
++ [62081].name = "vlsi_alloc_ring",
++ [62081].param3 = 1,
++ [62081].param4 = 1,
++ [62116].file = "fs/libfs.c",
++ [62116].name = "simple_attr_read",
++ [62116].param3 = 1,
++ [6211].file = "drivers/net/ethernet/amd/pcnet32.c",
++ [6211].name = "pcnet32_realloc_tx_ring",
++ [6211].param3 = 1,
++ [62294].file = "sound/core/info.c",
++ [62294].name = "resize_info_buffer",
++ [62294].param2 = 1,
++ [62387].file = "fs/nfs/idmap.c",
++ [62387].name = "nfs_idmap_lookup_id",
++ [62387].param2 = 1,
++ [62465].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [62465].name = "altera_set_dr_pre",
++ [62465].param2 = 1,
++ [62466].file = "lib/mpi/mpiutil.c",
++ [62466].name = "mpi_alloc",
++ [62466].param1 = 1,
++ [62495].file = "drivers/block/floppy.c",
++ [62495].name = "fallback_on_nodma_alloc",
++ [62495].param2 = 1,
++ [62498].file = "fs/xattr.c",
++ [62498].name = "sys_listxattr",
++ [62498].param3 = 1,
++ [625].file = "fs/read_write.c",
++ [625].name = "sys_pwritev",
++ [625].param3 = 1,
++ [62662].file = "drivers/message/fusion/mptctl.c",
++ [62662].name = "mptctl_getiocinfo",
++ [62662].param2 = 1,
++ [62669].file = "drivers/platform/x86/asus_acpi.c",
++ [62669].name = "tled_proc_write",
++ [62669].param3 = 1,
++ [62714].file = "security/keys/keyctl.c",
++ [62714].name = "keyctl_update_key",
++ [62714].param3 = 1,
++ [62760].file = "drivers/media/dvb/ttpci/av7110_av.c",
++ [62760].name = "play_iframe",
++ [62760].param3 = 1,
++ [62851].file = "fs/proc/vmcore.c",
++ [62851].name = "read_vmcore",
++ [62851].param3 = 1,
++ [62870].file = "fs/nfs/idmap.c",
++ [62870].name = "nfs_idmap_get_desc",
++ [62870].param2 = 1,
++ [62870].param4 = 1,
++ [62905].file = "net/caif/cfpkt_skbuff.c",
++ [62905].name = "cfpkt_create",
++ [62905].param1 = 1,
++ [62920].file = "drivers/net/wireless/b43/phy_n.c",
++ [62920].name = "b43_nphy_load_samples",
++ [62920].param3 = 1,
++ [62925].file = "include/rdma/ib_verbs.h",
++ [62925].name = "ib_copy_from_udata",
++ [62925].param3 = 1,
++ [62934].file = "drivers/net/wireless/wl1251/cmd.c",
++ [62934].name = "wl1251_cmd_template_set",
++ [62934].param4 = 1,
++ [62940].file = "drivers/scsi/libsrp.c",
++ [62940].name = "srp_ring_alloc",
++ [62940].param2 = 1,
++ [62967].file = "security/keys/encrypted-keys/encrypted.c",
++ [62967].name = "encrypted_update",
++ [62967].param3 = 1,
++ [62970].file = "net/sched/sch_api.c",
++ [62970].name = "qdisc_class_hash_alloc",
++ [62970].param1 = 1,
++ [62999].file = "net/core/neighbour.c",
++ [62999].name = "neigh_hash_alloc",
++ [62999].param1 = 1,
++ [63007].file = "fs/proc/base.c",
++ [63007].name = "proc_coredump_filter_write",
++ [63007].param3 = 1,
++ [63010].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c",
++ [63010].name = "ttm_page_pool_free",
++ [63010].param2 = 1,
++ [63045].file = "crypto/shash.c",
++ [63045].name = "shash_setkey_unaligned",
++ [63045].param3 = 1,
++ [63075].file = "kernel/relay.c",
++ [63075].name = "relay_alloc_page_array",
++ [63075].param1 = 1,
++ [63076].file = "fs/cifs/xattr.c",
++ [63076].name = "cifs_setxattr",
++ [63076].param4 = 1,
++ [63091].file = "drivers/net/usb/pegasus.c",
++ [63091].name = "get_registers",
++ [63091].param3 = 1,
++ [6331].file = "drivers/atm/solos-pci.c",
++ [6331].name = "solos_param_store",
++ [6331].param4 = 1,
++ [63367].file = "net/netfilter/ipset/ip_set_core.c",
++ [63367].name = "ip_set_alloc",
++ [63367].param1 = 1,
++ [63489].file = "drivers/bluetooth/btmrvl_debugfs.c",
++ [63489].name = "btmrvl_hscfgcmd_write",
++ [63489].param3 = 1,
++ [63490].file = "crypto/shash.c",
++ [63490].name = "shash_compat_setkey",
++ [63490].param3 = 1,
++ [63605].file = "mm/mempool.c",
++ [63605].name = "mempool_kmalloc",
++ [63605].param2 = 1,
++ [63633].file = "drivers/bluetooth/btmrvl_sdio.c",
++ [63633].name = "btmrvl_sdio_host_to_card",
++ [63633].param3 = 1,
++ [63961].file = "fs/xattr.c",
++ [63961].name = "sys_flistxattr",
++ [63961].param3 = 1,
++ [63964].file = "net/sctp/socket.c",
++ [63964].name = "sctp_setsockopt_maxseg",
++ [63964].param3 = 1,
++ [63988].file = "drivers/input/evdev.c",
++ [63988].name = "evdev_ioctl_compat",
++ [63988].param2 = 1,
++ [64055].file = "drivers/media/dvb/ttpci/av7110_av.c",
++ [64055].name = "dvb_aplay",
++ [64055].param3 = 1,
++ [64156].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [64156].name = "ath6kl_mgmt_tx",
++ [64156].param9 = 1,
++ [64226].file = "drivers/md/persistent-data/dm-space-map-checker.c",
++ [64226].name = "ca_extend",
++ [64226].param2 = 1,
++ [64227].file = "mm/nobootmem.c",
++ [64227].name = "__alloc_bootmem_node_nopanic",
++ [64227].param2 = 1,
++ [64351].file = "kernel/kfifo.c",
++ [64351].name = "kfifo_copy_from_user",
++ [64351].param3 = 1,
++ [64392].file = "drivers/mmc/core/mmc_ops.c",
++ [64392].name = "mmc_send_cxd_data",
++ [64392].param5 = 1,
++ [64423].file = "kernel/sched/core.c",
++ [64423].name = "get_user_cpu_mask",
++ [64423].param2 = 1,
++ [64432].file = "security/selinux/selinuxfs.c",
++ [64432].name = "sel_write_create",
++ [64432].param3 = 1,
++ [64471].file = "drivers/bluetooth/btmrvl_debugfs.c",
++ [64471].name = "btmrvl_hscmd_write",
++ [64471].param3 = 1,
++ [64667].file = "sound/core/oss/pcm_oss.c",
++ [64667].name = "snd_pcm_oss_read",
++ [64667].param3 = 1,
++ [64689].file = "sound/isa/gus/gus_dram.c",
++ [64689].name = "snd_gus_dram_read",
++ [64689].param4 = 1,
++ [64692].file = "fs/binfmt_misc.c",
++ [64692].name = "bm_entry_write",
++ [64692].param3 = 1,
++ [64705].file = "drivers/staging/iio/accel/sca3000_ring.c",
++ [64705].name = "sca3000_read_first_n_hw_rb",
++ [64705].param2 = 1,
++ [64713].file = "fs/cifs/connect.c",
++ [64713].name = "extract_hostname",
++ [64713].param1 = 1,
++ [64743].file = "fs/ocfs2/dlmfs/dlmfs.c",
++ [64743].name = "dlmfs_file_read",
++ [64743].param3 = 1,
++ [64771].file = "security/keys/encrypted-keys/encrypted.c",
++ [64771].name = "datablob_format",
++ [64771].param2 = 1,
++ [6477].file = "net/bluetooth/mgmt.c",
++ [6477].name = "mgmt_pending_add",
++ [6477].param5 = 1,
++ [64906].file = "drivers/net/wireless/b43legacy/debugfs.c",
++ [64906].name = "b43legacy_debugfs_write",
++ [64906].param3 = 1,
++ [64913].file = "sound/core/oss/pcm_oss.c",
++ [64913].name = "snd_pcm_oss_write1",
++ [64913].param3 = 1,
++ [64961].file = "drivers/spi/spidev.c",
++ [64961].name = "spidev_ioctl",
++ [64961].param2 = 1,
++ [65033].file = "crypto/shash.c",
++ [65033].name = "shash_async_setkey",
++ [65033].param3 = 1,
++ [65093].file = "security/integrity/evm/evm_secfs.c",
++ [65093].name = "evm_write_key",
++ [65093].param3 = 1,
++ [6514].file = "mm/nobootmem.c",
++ [6514].name = "__alloc_bootmem_low",
++ [6514].param1 = 1,
++ [65169].file = "net/core/skbuff.c",
++ [65169].name = "dev_alloc_skb",
++ [65169].param1 = 1,
++ [6517].file = "drivers/md/dm-table.c",
++ [6517].name = "alloc_targets",
++ [6517].param2 = 1,
++ [65205].file = "drivers/input/evdev.c",
++ [65205].name = "handle_eviocgbit",
++ [65205].param3 = 1,
++ [65237].file = "kernel/profile.c",
++ [65237].name = "read_profile",
++ [65237].param3 = 1,
++ [65343].file = "kernel/trace/trace.c",
++ [65343].name = "tracing_clock_write",
++ [65343].param3 = 1,
++ [65345].file = "lib/xz/xz_dec_lzma2.c",
++ [65345].name = "xz_dec_lzma2_create",
++ [65345].param2 = 1,
++ [65409].file = "net/802/garp.c",
++ [65409].name = "garp_request_join",
++ [65409].param4 = 1,
++ [65432].file = "drivers/hid/hid-roccat-kone.c",
++ [65432].name = "kone_receive",
++ [65432].param4 = 1,
++ [65514].file = "drivers/media/video/gspca/t613.c",
++ [65514].name = "reg_w_ixbuf",
++ [65514].param4 = 1,
++ [6551].file = "drivers/usb/host/xhci-mem.c",
++ [6551].name = "xhci_alloc_stream_info",
++ [6551].param3 = 1,
++ [65535].file = "drivers/media/dvb/dvb-usb/opera1.c",
++ [65535].name = "opera1_xilinx_rw",
++ [65535].param5 = 1,
++ [6672].file = "drivers/net/wireless/b43/debugfs.c",
++ [6672].name = "b43_debugfs_write",
++ [6672].param3 = 1,
++ [6691].file = "drivers/acpi/proc.c",
++ [6691].name = "acpi_system_write_wakeup_device",
++ [6691].param3 = 1,
++ [6865].file = "drivers/staging/iio/ring_sw.c",
++ [6865].name = "iio_read_first_n_sw_rb",
++ [6865].param2 = 1,
++ [6867].file = "fs/coda/psdev.c",
++ [6867].name = "coda_psdev_read",
++ [6867].param3 = 1,
++ [6891].file = "drivers/bluetooth/btmrvl_debugfs.c",
++ [6891].name = "btmrvl_gpiogap_write",
++ [6891].param3 = 1,
++ [6944].file = "drivers/ide/ide-proc.c",
++ [6944].name = "ide_settings_proc_write",
++ [6944].param3 = 1,
++ [6950].file = "drivers/isdn/capi/capi.c",
++ [6950].name = "capi_write",
++ [6950].param3 = 1,
++ [697].file = "sound/isa/gus/gus_dram.c",
++ [697].name = "snd_gus_dram_peek",
++ [697].param4 = 1,
++ [7066].file = "security/keys/keyctl.c",
++ [7066].name = "keyctl_instantiate_key_common",
++ [7066].param4 = 1,
++ [7125].file = "include/net/nfc/nci_core.h",
++ [7125].name = "nci_skb_alloc",
++ [7125].param2 = 1,
++ [7129].file = "mm/maccess.c",
++ [7129].name = "__probe_kernel_read",
++ [7129].param3 = 1,
++ [7158].file = "kernel/trace/trace.c",
++ [7158].name = "tracing_read_pipe",
++ [7158].param3 = 1,
++ [720].file = "sound/pci/rme9652/hdsp.c",
++ [720].name = "snd_hdsp_playback_copy",
++ [720].param5 = 1,
++ [7236].file = "drivers/gpu/drm/drm_crtc.c",
++ [7236].name = "drm_plane_init",
++ [7236].param6 = 1,
++ [7411].file = "drivers/vhost/vhost.c",
++ [7411].name = "__vhost_add_used_n",
++ [7411].param3 = 1,
++ [7432].file = "net/bluetooth/mgmt.c",
++ [7432].name = "mgmt_event",
++ [7432].param4 = 1,
++ [7488].file = "security/keys/user_defined.c",
++ [7488].name = "user_read",
++ [7488].param3 = 1,
++ [7551].file = "drivers/input/touchscreen/ad7879-spi.c",
++ [7551].name = "ad7879_spi_xfer",
++ [7551].param3 = 1,
++ [7671].file = "mm/nobootmem.c",
++ [7671].name = "__alloc_bootmem_node_high",
++ [7671].param2 = 1,
++ [7676].file = "drivers/acpi/custom_method.c",
++ [7676].name = "cm_write",
++ [7676].param3 = 1,
++ [7693].file = "net/sctp/socket.c",
++ [7693].name = "sctp_setsockopt_associnfo",
++ [7693].param3 = 1,
++ [7697].file = "security/selinux/selinuxfs.c",
++ [7697].name = "sel_write_access",
++ [7697].param3 = 1,
++ [7843].file = "fs/compat.c",
++ [7843].name = "compat_sys_readv",
++ [7843].param3 = 1,
++ [7883].file = "net/sched/sch_sfq.c",
++ [7883].name = "sfq_alloc",
++ [7883].param1 = 1,
++ [7924].file = "drivers/media/video/cx18/cx18-fileops.c",
++ [7924].name = "cx18_read_pos",
++ [7924].param3 = 1,
++ [7958].file = "drivers/gpu/vga/vgaarb.c",
++ [7958].name = "vga_arb_write",
++ [7958].param3 = 1,
++ [7976].file = "drivers/usb/gadget/rndis.c",
++ [7976].name = "rndis_add_response",
++ [7976].param2 = 1,
++ [7985].file = "net/mac80211/cfg.c",
++ [7985].name = "ieee80211_mgmt_tx",
++ [7985].param9 = 1,
++ [8014].file = "net/netfilter/ipset/ip_set_list_set.c",
++ [8014].name = "init_list_set",
++ [8014].param2 = 1,
++ [8014].param3 = 1,
++ [8126].file = "sound/soc/soc-core.c",
++ [8126].name = "codec_reg_read_file",
++ [8126].param3 = 1,
++ [8317].file = "security/smack/smackfs.c",
++ [8317].name = "smk_write_ambient",
++ [8317].param3 = 1,
++ [8335].file = "drivers/media/dvb/dvb-core/dmxdev.c",
++ [8335].name = "dvb_dvr_set_buffer_size",
++ [8335].param2 = 1,
++ [8383].file = "kernel/module.c",
++ [8383].name = "copy_and_check",
++ [8383].param3 = 1,
++ [8411].file = "net/caif/cfpkt_skbuff.c",
++ [8411].name = "cfpkt_append",
++ [8411].param3 = 1,
++ [8536].file = "fs/cifs/dns_resolve.c",
++ [8536].name = "dns_resolve_server_name_to_ip",
++ [8536].param1 = 1,
++ [857].file = "drivers/virtio/virtio_ring.c",
++ [857].name = "virtqueue_add_buf",
++ [857].param3 = 1,
++ [857].param4 = 1,
++ [8650].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
++ [8650].name = "vmw_kms_present",
++ [8650].param9 = 1,
++ [8654].file = "drivers/net/wireless/mwifiex/sdio.c",
++ [8654].name = "mwifiex_alloc_sdio_mpa_buffers",
++ [8654].param2 = 1,
++ [8654].param3 = 1,
++ [865].file = "drivers/base/regmap/regmap-debugfs.c",
++ [865].name = "regmap_access_read_file",
++ [865].param3 = 1,
++ [8663].file = "net/bridge/netfilter/ebtables.c",
++ [8663].name = "do_update_counters",
++ [8663].param4 = 1,
++ [8684].file = "fs/read_write.c",
++ [8684].name = "sys_writev",
++ [8684].param3 = 1,
++ [8699].file = "security/selinux/selinuxfs.c",
++ [8699].name = "sel_commit_bools_write",
++ [8699].param3 = 1,
++ [8764].file = "drivers/usb/core/devio.c",
++ [8764].name = "usbdev_read",
++ [8764].param3 = 1,
++ [8802].file = "fs/dlm/user.c",
++ [8802].name = "device_write",
++ [8802].param3 = 1,
++ [8810].file = "net/mac80211/debugfs_sta.c",
++ [8810].name = "sta_agg_status_write",
++ [8810].param3 = 1,
++ [8815].file = "security/tomoyo/securityfs_if.c",
++ [8815].name = "tomoyo_write_self",
++ [8815].param3 = 1,
++ [8821].file = "net/wireless/sme.c",
++ [8821].name = "cfg80211_roamed",
++ [8821].param5 = 1,
++ [8821].param7 = 1,
++ [8833].file = "security/selinux/ss/services.c",
++ [8833].name = "security_context_to_sid",
++ [8833].param2 = 1,
++ [8838].file = "lib/mpi/mpi-bit.c",
++ [8838].name = "mpi_lshift_limbs",
++ [8838].param2 = 1,
++ [8851].file = "net/key/af_key.c",
++ [8851].name = "pfkey_sendmsg",
++ [8851].param4 = 1,
++ [8917].file = "net/can/raw.c",
++ [8917].name = "raw_setsockopt",
++ [8917].param5 = 1,
++ [8983].file = "include/linux/skbuff.h",
++ [8983].name = "alloc_skb",
++ [8983].param1 = 1,
++ [9117].file = "drivers/base/regmap/regcache-rbtree.c",
++ [9117].name = "regcache_rbtree_insert_to_block",
++ [9117].param5 = 1,
++ [9226].file = "mm/migrate.c",
++ [9226].name = "sys_move_pages",
++ [9226].param2 = 1,
++ [9304].file = "kernel/auditfilter.c",
++ [9304].name = "audit_init_entry",
++ [9304].param1 = 1,
++ [9317].file = "drivers/usb/wusbcore/wa-nep.c",
++ [9317].name = "wa_nep_queue",
++ [9317].param2 = 1,
++ [9341].file = "drivers/acpi/apei/erst-dbg.c",
++ [9341].name = "erst_dbg_write",
++ [9341].param3 = 1,
++ [9386].file = "fs/exofs/ore.c",
++ [9386].name = "_ore_get_io_state",
++ [9386].param3 = 1,
++ [9386].param4 = 1,
++ [9386].param5 = 1,
++ [9538].file = "crypto/blkcipher.c",
++ [9538].name = "blkcipher_copy_iv",
++ [9538].param3 = 1,
++ [9546].file = "drivers/video/fbmem.c",
++ [9546].name = "fb_write",
++ [9546].param3 = 1,
++ [9601].file = "kernel/kfifo.c",
++ [9601].name = "__kfifo_from_user",
++ [9601].param3 = 1,
++ [9618].file = "security/selinux/selinuxfs.c",
++ [9618].name = "sel_write_bool",
++ [9618].param3 = 1,
++ [9768].file = "drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c",
++ [9768].name = "vmw_execbuf_process",
++ [9768].param5 = 1,
++ [9828].file = "drivers/media/dvb/dvb-core/dmxdev.c",
++ [9828].name = "dvb_demux_do_ioctl",
++ [9828].param3 = 1,
++ [9870].file = "net/atm/addr.c",
++ [9870].name = "atm_get_addr",
++ [9870].param3 = 1,
++ [9977].file = "drivers/net/wireless/zd1211rw/zd_usb.c",
++ [9977].name = "zd_usb_iowrite16v_async",
++ [9977].param3 = 1,
++ [16344].collision = 1,
++ [307].collision = 1,
++ [31649].collision = 1,
++ [33040].collision = 1,
++ [45231].collision = 1,
++ [60651].collision = 1,
++};
+diff --git a/tools/gcc/size_overflow_hash2.h b/tools/gcc/size_overflow_hash2.h
+new file mode 100644
+index 0000000..9ec45ae
+--- /dev/null
++++ b/tools/gcc/size_overflow_hash2.h
+@@ -0,0 +1,35 @@
++struct size_overflow_hash size_overflow_hash2[65536] = {
++ [22224].file = "fs/proc/vmcore.c",
++ [22224].name = "read_from_oldmem",
++ [22224].param2 = 1,
++ [2344].file = "fs/ecryptfs/crypto.c",
++ [2344].name = "ecryptfs_decode_and_decrypt_filename",
++ [2344].param5 = 1,
++ [2515].file = "fs/ecryptfs/crypto.c",
++ [2515].name = "ecryptfs_copy_filename",
++ [2515].param4 = 1,
++ [26518].file = "drivers/gpu/vga/vgaarb.c",
++ [26518].name = "vga_arb_read",
++ [26518].param3 = 1,
++ [30632].file = "drivers/ide/ide-proc.c",
++ [30632].name = "ide_driver_proc_write",
++ [30632].param3 = 1,
++ [39024].file = "lib/scatterlist.c",
++ [39024].name = "sg_kmalloc",
++ [39024].param1 = 1,
++ [50359].file = "kernel/sched/core.c",
++ [50359].name = "alloc_sched_domains",
++ [50359].param1 = 1,
++ [53262].file = "drivers/block/aoe/aoechr.c",
++ [53262].name = "revalidate",
++ [53262].param2 = 1,
++ [56432].file = "drivers/base/regmap/regmap-debugfs.c",
++ [56432].name = "regmap_map_read_file",
++ [56432].param3 = 1,
++ [57500].file = "drivers/spi/spidev.c",
++ [57500].name = "spidev_write",
++ [57500].param3 = 1,
++ [8155].file = "drivers/hv/channel.c",
++ [8155].name = "vmbus_establish_gpadl",
++ [8155].param3 = 1,
++};
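Review bot: size_overflow_hash2.h has no comment saying how its indices are derived, although each slot is only meaningful for the seed hard-coded in get_function_hash() further down in this patch (`size_overflow_hash(func, 23432)`, reached only when the size_overflow_hash1 slot has `.collision = 1`). I would add a header line such as `/* second-level table: index = CrapWow(name, strlen(name), 23432) & 0xffff; used only for hash1 slots marked .collision */` so the table and the lookup cannot drift apart unnoticed. Because the entries are designated initializers, a repeated index lets the later entry win without a compile error, so whatever process maintains this table should check that indices are unique. From check_missing_attribute(), a lost entry would make a covered function be reported as missing from the table. The array is also defined with external linkage in a header; `static struct size_overflow_hash size_overflow_hash2[65536] = {` would keep it private to the plugin source that includes it.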
+diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
+new file mode 100644
+index 0000000..255439f
+--- /dev/null
++++ b/tools/gcc/size_overflow_plugin.c
+@@ -0,0 +1,1110 @@
++/*
++ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com>
++ * Licensed under the GPL v2, or (at your option) v3
++ *
++ * Homepage:
++ * http://www.grsecurity.net/~ephox/overflow_plugin/
++ *
++ * This plugin recomputes expressions of function arguments marked by a size_overflow attribute
++ * with double integer precision (DImode/TImode for 32/64 bit integer types).
++ * The recomputed argument is checked against INT_MAX and an event is logged on overflow and the triggering process is killed.
++ *
++ * Usage:
++ * $ gcc -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -o size_overflow_plugin.so size_overflow_plugin.c
++ * $ gcc -fplugin=size_overflow_plugin.so test.c -O2
++ */
++
++#include "gcc-plugin.h"
++#include "config.h"
++#include "system.h"
++#include "coretypes.h"
++#include "tree.h"
++#include "tree-pass.h"
++#include "intl.h"
++#include "plugin-version.h"
++#include "tm.h"
++#include "toplev.h"
++#include "function.h"
++#include "tree-flow.h"
++#include "plugin.h"
++#include "gimple.h"
++#include "c-common.h"
++#include "diagnostic.h"
++#include "cfgloop.h"
++
++struct size_overflow_hash {
++ const char *name;
++ const char *file;
++ unsigned short collision:1;
++ unsigned short param1:1;
++ unsigned short param2:1;
++ unsigned short param3:1;
++ unsigned short param4:1;
++ unsigned short param5:1;
++ unsigned short param6:1;
++ unsigned short param7:1;
++ unsigned short param8:1;
++ unsigned short param9:1;
++};
++
++#include "size_overflow_hash1.h"
++#include "size_overflow_hash2.h"
++
++#define __unused __attribute__((__unused__))
++#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node))
++#define BEFORE_STMT true
++#define AFTER_STMT false
++#define CREATE_NEW_VAR NULL_TREE
++
++int plugin_is_GPL_compatible;
++void debug_gimple_stmt (gimple gs);
++
++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var);
++static tree signed_size_overflow_type;
++static tree unsigned_size_overflow_type;
++static tree report_size_overflow_decl;
++static tree const_char_ptr_type_node;
++static unsigned int handle_function(void);
++
++static struct plugin_info size_overflow_plugin_info = {
++ .version = "20120409beta",
++ .help = "no-size_overflow\tturn off size overflow checking\n",
++};
++
++static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs)
++{
++ unsigned int arg_count = type_num_arguments(*node);
++
++ for (; args; args = TREE_CHAIN(args)) {
++ tree position = TREE_VALUE(args);
++ if (TREE_CODE(position) != INTEGER_CST || TREE_INT_CST_HIGH(position) || TREE_INT_CST_LOW(position) < 1 || TREE_INT_CST_LOW(position) > arg_count ) {
++ error("handle_size_overflow_attribute: overflow parameter outside range.");
++ *no_add_attrs = true;
++ }
++ }
++ return NULL_TREE;
++}
++
++static struct attribute_spec no_size_overflow_attr = {
++ .name = "size_overflow",
++ .min_length = 1,
++ .max_length = -1,
++ .decl_required = false,
++ .type_required = true,
++ .function_type_required = true,
++ .handler = handle_size_overflow_attribute
++};
++
++static void register_attributes(void __unused *event_data, void __unused *data)
++{
++ register_attribute(&no_size_overflow_attr);
++}
++
++// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html
++static unsigned int CrapWow(const char *key, unsigned int len, unsigned int seed)
++{
++#define cwfold( a, b, lo, hi ) { p = (unsigned int)(a) * (unsigned long long)(b); lo ^= (unsigned int)p; hi ^= (unsigned int)(p >> 32); }
++#define cwmixa( in ) { cwfold( in, m, k, h ); }
++#define cwmixb( in ) { cwfold( in, n, h, k ); }
++
++ const unsigned int m = 0x57559429;
++ const unsigned int n = 0x5052acdb;
++ const unsigned int *key4 = (const unsigned int *)key;
++ unsigned int h = len;
++ unsigned int k = len + seed + n;
++ unsigned long long p;
++
++ while (len >= 8) {
++ cwmixb(key4[0]) cwmixa(key4[1]) key4 += 2;
++ len -= 8;
++ }
++ if (len >= 4) {
++ cwmixb(key4[0]) key4 += 1;
++ len -= 4;
++ }
++ if (len)
++ cwmixa(key4[0] & ((1 << (len * 8)) - 1 ));
++ cwmixb(h ^ (k + n));
++ return k ^ h;
++
++#undef cwfold
++#undef cwmixa
++#undef cwmixb
++}
++
++static inline unsigned int size_overflow_hash(const char *fndecl, unsigned int seed)
++{
++ return CrapWow(fndecl, strlen(fndecl), seed) & 0xffff;
++}
++
++static inline tree get_original_function_decl(tree fndecl)
++{
++ if (DECL_ABSTRACT_ORIGIN(fndecl))
++ return DECL_ABSTRACT_ORIGIN(fndecl);
++ return fndecl;
++}
++
++static inline gimple get_def_stmt(tree node)
++{
++ gcc_assert(TREE_CODE(node) == SSA_NAME);
++ return SSA_NAME_DEF_STMT(node);
++}
++
++static struct size_overflow_hash *get_function_hash(tree fndecl)
++{
++ unsigned int hash;
++ const char *func = NAME(fndecl);
++
++ hash = size_overflow_hash(func, 0);
++
++ if (size_overflow_hash1[hash].collision) {
++ hash = size_overflow_hash(func, 23432);
++ return &size_overflow_hash2[hash];
++ }
++ return &size_overflow_hash1[hash];
++}
++
++static void check_arg_type(tree var)
++{
++ tree type = TREE_TYPE(var);
++ enum tree_code code = TREE_CODE(type);
++
++ gcc_assert(code == INTEGER_TYPE ||
++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == VOID_TYPE) ||
++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == INTEGER_TYPE));
++}
++
++static void check_missing_attribute(tree arg)
++{
++ tree var, type, func = get_original_function_decl(current_function_decl);
++ const char *curfunc = NAME(func);
++ unsigned int new_hash, argnum = 1;
++ struct size_overflow_hash *hash;
++ location_t loc;
++ expanded_location xloc;
++ bool match = false;
++
++ type = TREE_TYPE(arg);
++ // skip function pointers
++ if (TREE_CODE(type) == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == FUNCTION_TYPE)
++ return;
++
++ loc = DECL_SOURCE_LOCATION(func);
++ xloc = expand_location(loc);
++
++ if (lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(func))))
++ return;
++
++ hash = get_function_hash(func);
++ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->file, xloc.file))
++ return;
++
++ gcc_assert(TREE_CODE(arg) != COMPONENT_REF);
++
++ if (TREE_CODE(arg) == SSA_NAME)
++ arg = SSA_NAME_VAR(arg);
++
++ for (var = DECL_ARGUMENTS(func); var; var = TREE_CHAIN(var)) {
++ if (strcmp(NAME(arg), NAME(var))) {
++ argnum++;
++ continue;
++ }
++ check_arg_type(var);
++
++ match = true;
++ if (!TYPE_UNSIGNED(TREE_TYPE(var)))
++ return;
++ break;
++ }
++ if (!match) {
++ warning(0, "check_missing_attribute: cannot find the %s argument in %s", NAME(arg), NAME(func));
++ return;
++ }
++
++#define check_param(num) \
++ if (num == argnum && hash->param##num) \
++ return;
++ check_param(1);
++ check_param(2);
++ check_param(3);
++ check_param(4);
++ check_param(5);
++ check_param(6);
++ check_param(7);
++ check_param(8);
++ check_param(9);
++#undef check_param
++
++ new_hash = size_overflow_hash(curfunc, 0);
++ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s", curfunc, curfunc, argnum, new_hash, xloc.file);
++}
++
++static tree create_new_var(tree type)
++{
++ tree new_var = create_tmp_var(type, "cicus");
++
++ add_referenced_var(new_var);
++ mark_sym_for_renaming(new_var);
++ return new_var;
++}
++
++static bool is_bool(tree node)
++{
++ tree type;
++
++ if (node == NULL_TREE)
++ return false;
++
++ type = TREE_TYPE(node);
++ if (!INTEGRAL_TYPE_P(type))
++ return false;
++ if (TREE_CODE(type) == BOOLEAN_TYPE)
++ return true;
++ if (TYPE_PRECISION(type) == 1)
++ return true;
++ return false;
++}
++
++static tree cast_a_tree(tree type, tree var)
++{
++ gcc_assert(fold_convertible_p(type, var));
++
++ return fold_convert(type, var);
++}
++
++static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc)
++{
++ gimple assign;
++
++ if (new_var == CREATE_NEW_VAR)
++ new_var = create_new_var(type);
++
++ assign = gimple_build_assign(new_var, cast_a_tree(type, var));
++ gimple_set_location(assign, loc);
++ gimple_set_lhs(assign, make_ssa_name(new_var, assign));
++
++ return assign;
++}
++
++static tree create_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, bool before)
++{
++ tree oldstmt_rhs1;
++ enum tree_code code;
++ gimple stmt;
++ gimple_stmt_iterator gsi;
++
++ if (!*potentionally_overflowed)
++ return NULL_TREE;
++
++ if (rhs1 == NULL_TREE) {
++ debug_gimple_stmt(oldstmt);
++ error("create_assign: rhs1 is NULL_TREE");
++ gcc_unreachable();
++ }
++
++ oldstmt_rhs1 = gimple_assign_rhs1(oldstmt);
++ code = TREE_CODE(oldstmt_rhs1);
++ if (code == PARM_DECL || (code == SSA_NAME && gimple_code(get_def_stmt(oldstmt_rhs1)) == GIMPLE_NOP))
++ check_missing_attribute(oldstmt_rhs1);
++
++ stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt));
++ gsi = gsi_for_stmt(oldstmt);
++ if (before)
++ gsi_insert_before(&gsi, stmt, GSI_NEW_STMT);
++ else
++ gsi_insert_after(&gsi, stmt, GSI_NEW_STMT);
++ update_stmt(stmt);
++ pointer_set_insert(visited, oldstmt);
++ return gimple_get_lhs(stmt);
++}
++
++static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3)
++{
++ tree new_var, lhs = gimple_get_lhs(oldstmt);
++ gimple stmt;
++ gimple_stmt_iterator gsi;
++
++ if (!*potentionally_overflowed)
++ return NULL_TREE;
++
++ if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) {
++ rhs1 = gimple_assign_rhs1(oldstmt);
++ rhs1 = create_assign(visited, potentionally_overflowed, oldstmt, rhs1, BEFORE_STMT);
++ }
++ if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) {
++ rhs2 = gimple_assign_rhs2(oldstmt);
++ rhs2 = create_assign(visited, potentionally_overflowed, oldstmt, rhs2, BEFORE_STMT);
++ }
++
++ stmt = gimple_copy(oldstmt);
++ gimple_set_location(stmt, gimple_location(oldstmt));
++
++ if (gimple_assign_rhs_code(oldstmt) == WIDEN_MULT_EXPR)
++ gimple_assign_set_rhs_code(stmt, MULT_EXPR);
++
++ if (is_bool(lhs))
++ new_var = SSA_NAME_VAR(lhs);
++ else
++ new_var = create_new_var(signed_size_overflow_type);
++ new_var = make_ssa_name(new_var, stmt);
++ gimple_set_lhs(stmt, new_var);
++
++ if (rhs1 != NULL_TREE) {
++ if (!gimple_assign_cast_p(oldstmt))
++ rhs1 = cast_a_tree(signed_size_overflow_type, rhs1);
++ gimple_assign_set_rhs1(stmt, rhs1);
++ }
++
++ if (rhs2 != NULL_TREE)
++ gimple_assign_set_rhs2(stmt, rhs2);
++#if BUILDING_GCC_VERSION >= 4007
++ if (rhs3 != NULL_TREE)
++ gimple_assign_set_rhs3(stmt, rhs3);
++#endif
++ gimple_set_vuse(stmt, gimple_vuse(oldstmt));
++ gimple_set_vdef(stmt, gimple_vdef(oldstmt));
++
++ gsi = gsi_for_stmt(oldstmt);
++ gsi_insert_after(&gsi, stmt, GSI_SAME_STMT);
++ update_stmt(stmt);
++ pointer_set_insert(visited, oldstmt);
++ return gimple_get_lhs(stmt);
++}
++
++static gimple overflow_create_phi_node(gimple oldstmt, tree var)
++{
++ basic_block bb;
++ gimple phi;
++ gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt);
++
++ bb = gsi_bb(gsi);
++
++ phi = create_phi_node(var, bb);
++ gsi = gsi_last(phi_nodes(bb));
++ gsi_remove(&gsi, false);
++
++ gsi = gsi_for_stmt(oldstmt);
++ gsi_insert_after(&gsi, phi, GSI_NEW_STMT);
++ gimple_set_bb(phi, bb);
++ return phi;
++}
++
++static tree signed_cast_constant(tree node)
++{
++ gcc_assert(is_gimple_constant(node));
++
++ return cast_a_tree(signed_size_overflow_type, node);
++}
++
++static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var, unsigned int i)
++{
++ basic_block bb;
++ gimple newstmt, def_stmt;
++ gimple_stmt_iterator gsi;
++
++ newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt));
++ if (TREE_CODE(arg) == SSA_NAME) {
++ def_stmt = get_def_stmt(arg);
++ if (gimple_code(def_stmt) != GIMPLE_NOP) {
++ gsi = gsi_for_stmt(def_stmt);
++ gsi_insert_after(&gsi, newstmt, GSI_NEW_STMT);
++ return newstmt;
++ }
++ }
++
++ bb = gimple_phi_arg_edge(oldstmt, i)->src;
++ gsi = gsi_after_labels(bb);
++ gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT);
++ return newstmt;
++}
++
++static gimple handle_new_phi_arg(tree arg, tree new_var, tree new_rhs)
++{
++ gimple newstmt;
++ gimple_stmt_iterator gsi;
++ void (*gsi_insert)(gimple_stmt_iterator *, gimple, enum gsi_iterator_update);
++ gimple def_newstmt = get_def_stmt(new_rhs);
++
++ gsi_insert = gsi_insert_after;
++ gsi = gsi_for_stmt(def_newstmt);
++
++ switch (gimple_code(get_def_stmt(arg))) {
++ case GIMPLE_PHI:
++ newstmt = gimple_build_assign(new_var, new_rhs);
++ gsi = gsi_after_labels(gimple_bb(def_newstmt));
++ gsi_insert = gsi_insert_before;
++ break;
++ case GIMPLE_ASM:
++ case GIMPLE_CALL:
++ newstmt = gimple_build_assign(new_var, new_rhs);
++ break;
++ case GIMPLE_ASSIGN:
++ newstmt = gimple_copy(def_newstmt);
++ break;
++ default:
++ /* unknown gimple_code (handle_build_new_phi_arg) */
++ gcc_unreachable();
++ }
++
++ gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt));
++ gsi_insert(&gsi, newstmt, GSI_NEW_STMT);
++ return newstmt;
++}
++
++static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree arg, tree new_var)
++{
++ gimple newstmt;
++ tree new_rhs;
++
++ new_rhs = expand(visited, potentionally_overflowed, arg);
++
++ if (new_rhs == NULL_TREE)
++ return NULL_TREE;
++
++ newstmt = handle_new_phi_arg(arg, new_var, new_rhs);
++ update_stmt(newstmt);
++ return gimple_get_lhs(newstmt);
++}
++
++static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt)
++{
++ gimple phi;
++ tree new_var = create_new_var(signed_size_overflow_type);
++ unsigned int i, n = gimple_phi_num_args(oldstmt);
++
++ pointer_set_insert(visited, oldstmt);
++ phi = overflow_create_phi_node(oldstmt, new_var);
++ for (i = 0; i < n; i++) {
++ tree arg, lhs;
++
++ arg = gimple_phi_arg_def(oldstmt, i);
++ if (is_gimple_constant(arg))
++ arg = signed_cast_constant(arg);
++ lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var);
++ if (lhs == NULL_TREE)
++ lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i));
++ add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt));
++ }
++
++ update_stmt(phi);
++ return gimple_phi_result(phi);
++}
++
++static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
++{
++ gimple def_stmt = get_def_stmt(var);
++ tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt);
++
++ *potentionally_overflowed = true;
++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1);
++ if (new_rhs1 == NULL_TREE) {
++ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE)
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
++ else
++ return create_assign(visited, potentionally_overflowed, def_stmt, rhs1, AFTER_STMT);
++ }
++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, NULL_TREE, NULL_TREE);
++}
++
++static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
++{
++ gimple def_stmt = get_def_stmt(var);
++ tree rhs1 = gimple_assign_rhs1(def_stmt);
++
++ if (is_gimple_constant(rhs1))
++ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE);
++
++ switch (TREE_CODE(rhs1)) {
++ case SSA_NAME:
++ return handle_unary_rhs(visited, potentionally_overflowed, var);
++
++ case ARRAY_REF:
++ case ADDR_EXPR:
++ case COMPONENT_REF:
++ case COND_EXPR:
++ case INDIRECT_REF:
++#if BUILDING_GCC_VERSION >= 4006
++ case MEM_REF:
++#endif
++ case PARM_DECL:
++ case TARGET_MEM_REF:
++ case VAR_DECL:
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
++
++ default:
++ debug_gimple_stmt(def_stmt);
++ debug_tree(rhs1);
++ gcc_unreachable();
++ }
++}
++
++static void insert_cond(basic_block cond_bb, tree arg, enum tree_code cond_code, tree type_value)
++{
++ gimple cond_stmt;
++ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb);
++
++ cond_stmt = gimple_build_cond(cond_code, arg, type_value, NULL_TREE, NULL_TREE);
++ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING);
++ update_stmt(cond_stmt);
++}
++
++static tree create_string_param(tree string)
++{
++ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL);
++
++ return build1(ADDR_EXPR, ptr_type_node, array_ref);
++}
++
++static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg)
++{
++ gimple func_stmt, def_stmt;
++ tree current_func, loc_file, loc_line;
++ expanded_location xloc;
++ gimple_stmt_iterator gsi = gsi_start_bb(bb_true);
++
++ def_stmt = get_def_stmt(arg);
++ xloc = expand_location(gimple_location(def_stmt));
++
++ if (!gimple_has_location(def_stmt)) {
++ xloc = expand_location(gimple_location(stmt));
++ if (!gimple_has_location(stmt))
++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl));
++ }
++
++ loc_line = build_int_cstu(unsigned_type_node, xloc.line);
++
++ loc_file = build_string(strlen(xloc.file), xloc.file);
++ TREE_TYPE(loc_file) = char_array_type_node;
++ loc_file = create_string_param(loc_file);
++
++ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl));
++ TREE_TYPE(current_func) = char_array_type_node;
++ current_func = create_string_param(current_func);
++
++ // void report_size_overflow(const char *file, unsigned int line, const char *func)
++ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func);
++
++ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING);
++}
++
++static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value)
++{
++ basic_block cond_bb, join_bb, bb_true;
++ edge e;
++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
++// location_t loc = gimple_location(stmt);
++
++ cond_bb = gimple_bb(stmt);
++ gsi_prev(&gsi);
++ if (gsi_end_p(gsi))
++ e = split_block_after_labels(cond_bb);
++ else
++ e = split_block(cond_bb, gsi_stmt(gsi));
++ cond_bb = e->src;
++ join_bb = e->dest;
++ e->flags = EDGE_FALSE_VALUE;
++ e->probability = REG_BR_PROB_BASE;
++
++ bb_true = create_empty_bb(cond_bb);
++ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE);
++ make_edge(cond_bb, join_bb, EDGE_FALSE_VALUE);
++ make_edge(bb_true, join_bb, EDGE_FALLTHRU);
++
++ if (dom_info_available_p(CDI_DOMINATORS)) {
++ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb);
++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb);
++ }
++
++ if (current_loops != NULL) {
++ gcc_assert(cond_bb->loop_father == join_bb->loop_father);
++ add_bb_to_loop(bb_true, cond_bb->loop_father);
++ }
++
++ insert_cond(cond_bb, arg, cond_code, type_value);
++ insert_cond_result(bb_true, stmt, arg);
++
++// inform(loc, "Integer size_overflow check applied here.");
++}
++
++static tree get_type_for_check(tree rhs)
++{
++ tree def_rhs;
++ gimple def_stmt = get_def_stmt(rhs);
++
++ if (!gimple_assign_cast_p(def_stmt))
++ return TREE_TYPE(rhs);
++ def_rhs = gimple_assign_rhs1(def_stmt);
++ if (TREE_CODE(TREE_TYPE(def_rhs)) == INTEGER_TYPE)
++ return TREE_TYPE(def_rhs);
++ return TREE_TYPE(rhs);
++}
++
++static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs)
++{
++ gimple ucast_stmt;
++ gimple_stmt_iterator gsi;
++ location_t loc = gimple_location(stmt);
++
++ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, cast_rhs, CREATE_NEW_VAR, loc);
++ gsi = gsi_for_stmt(stmt);
++ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT);
++ return ucast_stmt;
++}
++
++static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed)
++{
++ tree type_max, type_min, rhs_type;
++ gimple ucast_stmt;
++
++ if (!*potentionally_overflowed)
++ return;
++
++ rhs_type = get_type_for_check(rhs);
++
++ if (TYPE_UNSIGNED(rhs_type)) {
++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs);
++ type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type));
++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max);
++ } else {
++ type_max = cast_a_tree(signed_size_overflow_type, TYPE_MAX_VALUE(rhs_type));
++ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max);
++
++ type_min = cast_a_tree(signed_size_overflow_type, TYPE_MIN_VALUE(rhs_type));
++ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min);
++ }
++}
++
++static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs)
++{
++ gimple assign;
++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
++ tree new_rhs, origtype = TREE_TYPE(orig_rhs);
++
++ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN);
++
++ new_rhs = expand(visited, potentionally_overflowed, orig_rhs);
++ if (new_rhs == NULL_TREE)
++ return NULL_TREE;
++
++ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt));
++ gsi_insert_before(&gsi, assign, GSI_SAME_STMT);
++ update_stmt(assign);
++ return gimple_get_lhs(assign);
++}
++
++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree))
++{
++ tree new_rhs, cast_rhs;
++
++ if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR)
++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE);
++
++ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, rhs);
++ if (new_rhs != NULL_TREE) {
++ gimple_assign_set_rhs(def_stmt, new_rhs);
++ update_stmt(def_stmt);
++
++ cast_rhs = gimple_assign_rhs1(get_def_stmt(new_rhs));
++
++ check_size_overflow(def_stmt, cast_rhs, rhs, potentionally_overflowed);
++ }
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
++}
++
++static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
++{
++ tree rhs1, rhs2;
++ gimple def_stmt = get_def_stmt(var);
++ tree new_rhs1 = NULL_TREE;
++ tree new_rhs2 = NULL_TREE;
++
++ rhs1 = gimple_assign_rhs1(def_stmt);
++ rhs2 = gimple_assign_rhs2(def_stmt);
++
++ /* no DImode/TImode division in the 32/64 bit kernel */
++ switch (gimple_assign_rhs_code(def_stmt)) {
++ case RDIV_EXPR:
++ case TRUNC_DIV_EXPR:
++ case CEIL_DIV_EXPR:
++ case FLOOR_DIV_EXPR:
++ case ROUND_DIV_EXPR:
++ case TRUNC_MOD_EXPR:
++ case CEIL_MOD_EXPR:
++ case FLOOR_MOD_EXPR:
++ case ROUND_MOD_EXPR:
++ case EXACT_DIV_EXPR:
++ case POINTER_PLUS_EXPR:
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
++ default:
++ break;
++ }
++
++ *potentionally_overflowed = true;
++
++ if (TREE_CODE(rhs1) == SSA_NAME)
++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1);
++ if (TREE_CODE(rhs2) == SSA_NAME)
++ new_rhs2 = expand(visited, potentionally_overflowed, rhs2);
++
++ if (is_gimple_constant(rhs2))
++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, signed_cast_constant(rhs2), &gimple_assign_set_rhs1);
++
++ if (is_gimple_constant(rhs1))
++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, signed_cast_constant(rhs1), new_rhs2, &gimple_assign_set_rhs2);
++
++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE);
++}
++
++#if BUILDING_GCC_VERSION >= 4007
++static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs)
++{
++ if (is_gimple_constant(rhs))
++ return signed_cast_constant(rhs);
++ if (TREE_CODE(rhs) != SSA_NAME)
++ return NULL_TREE;
++ return expand(visited, potentionally_overflowed, rhs);
++}
++
++static tree handle_ternary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
++{
++ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3;
++ gimple def_stmt = get_def_stmt(var);
++
++ *potentionally_overflowed = true;
++
++ rhs1 = gimple_assign_rhs1(def_stmt);
++ rhs2 = gimple_assign_rhs2(def_stmt);
++ rhs3 = gimple_assign_rhs3(def_stmt);
++ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, rhs1);
++ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, rhs2);
++ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, rhs3);
++
++ if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE)
++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, new_rhs3);
++ error("handle_ternary_ops: unknown rhs");
++ gcc_unreachable();
++}
++#endif
++
++static void set_size_overflow_type(tree node)
++{
++ switch (TYPE_MODE(TREE_TYPE(node))) {
++ case SImode:
++ signed_size_overflow_type = intDI_type_node;
++ unsigned_size_overflow_type = unsigned_intDI_type_node;
++ break;
++ case DImode:
++ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) {
++ signed_size_overflow_type = intDI_type_node;
++ unsigned_size_overflow_type = unsigned_intDI_type_node;
++ } else {
++ signed_size_overflow_type = intTI_type_node;
++ unsigned_size_overflow_type = unsigned_intTI_type_node;
++ }
++ break;
++ default:
++ error("set_size_overflow_type: unsupported gcc configuration.");
++ gcc_unreachable();
++ }
++}
++
++static tree expand_visited(gimple def_stmt)
++{
++ gimple tmp;
++ gimple_stmt_iterator gsi = gsi_for_stmt(def_stmt);
++
++ gsi_next(&gsi);
++ tmp = gsi_stmt(gsi);
++ switch (gimple_code(tmp)) {
++ case GIMPLE_ASSIGN:
++ return gimple_get_lhs(tmp);
++ case GIMPLE_PHI:
++ return gimple_phi_result(tmp);
++ case GIMPLE_CALL:
++ return gimple_call_lhs(tmp);
++ default:
++ return NULL_TREE;
++ }
++}
++
++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
++{
++ gimple def_stmt;
++ enum tree_code code = TREE_CODE(TREE_TYPE(var));
++
++ if (is_gimple_constant(var))
++ return NULL_TREE;
++
++ if (TREE_CODE(var) == ADDR_EXPR)
++ return NULL_TREE;
++
++ gcc_assert(code == INTEGER_TYPE || code == POINTER_TYPE || code == BOOLEAN_TYPE);
++ if (code != INTEGER_TYPE)
++ return NULL_TREE;
++
++ if (SSA_NAME_IS_DEFAULT_DEF(var)) {
++ check_missing_attribute(var);
++ return NULL_TREE;
++ }
++
++ def_stmt = get_def_stmt(var);
++
++ if (!def_stmt)
++ return NULL_TREE;
++
++ if (pointer_set_contains(visited, def_stmt))
++ return expand_visited(def_stmt);
++
++ switch (gimple_code(def_stmt)) {
++ case GIMPLE_NOP:
++ check_missing_attribute(var);
++ return NULL_TREE;
++ case GIMPLE_PHI:
++ return build_new_phi(visited, potentionally_overflowed, def_stmt);
++ case GIMPLE_CALL:
++ case GIMPLE_ASM:
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
++ case GIMPLE_ASSIGN:
++ switch (gimple_num_ops(def_stmt)) {
++ case 2:
++ return handle_unary_ops(visited, potentionally_overflowed, var);
++ case 3:
++ return handle_binary_ops(visited, potentionally_overflowed, var);
++#if BUILDING_GCC_VERSION >= 4007
++ case 4:
++ return handle_ternary_ops(visited, potentionally_overflowed, var);
++#endif
++ }
++ default:
++ debug_gimple_stmt(def_stmt);
++ error("expand: unknown gimple code");
++ gcc_unreachable();
++ }
++}
++
++static void change_function_arg(gimple stmt, tree origarg, unsigned int argnum, tree newarg)
++{
++ gimple assign;
++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
++ tree origtype = TREE_TYPE(origarg);
++
++ gcc_assert(gimple_code(stmt) == GIMPLE_CALL);
++
++ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt));
++ gsi_insert_before(&gsi, assign, GSI_SAME_STMT);
++ update_stmt(assign);
++
++ gimple_call_set_arg(stmt, argnum, gimple_get_lhs(assign));
++ update_stmt(stmt);
++}
++
++static tree get_function_arg(unsigned int argnum, gimple stmt, tree fndecl)
++{
++ const char *origid;
++ tree arg, origarg;
++
++ if (!DECL_ABSTRACT_ORIGIN(fndecl)) {
++ gcc_assert(gimple_call_num_args(stmt) > argnum);
++ return gimple_call_arg(stmt, argnum);
++ }
++
++ origarg = DECL_ARGUMENTS(DECL_ABSTRACT_ORIGIN(fndecl));
++ while (origarg && argnum) {
++ argnum--;
++ origarg = TREE_CHAIN(origarg);
++ }
++
++ gcc_assert(argnum == 0);
++
++ gcc_assert(origarg != NULL_TREE);
++ origid = NAME(origarg);
++ for (arg = DECL_ARGUMENTS(fndecl); arg; arg = TREE_CHAIN(arg)) {
++ if (!strcmp(origid, NAME(arg)))
++ return arg;
++ }
++ return NULL_TREE;
++}
++
++static void handle_function_arg(gimple stmt, tree fndecl, unsigned int argnum)
++{
++ struct pointer_set_t *visited;
++ tree arg, newarg, type_max;
++ gimple ucast_stmt;
++ bool potentionally_overflowed;
++
++ arg = get_function_arg(argnum, stmt, fndecl);
++ if (arg == NULL_TREE)
++ return;
++
++ if (is_gimple_constant(arg))
++ return;
++ if (TREE_CODE(arg) != SSA_NAME)
++ return;
++
++ check_arg_type(arg);
++
++ set_size_overflow_type(arg);
++
++ visited = pointer_set_create();
++ potentionally_overflowed = false;
++ newarg = expand(visited, &potentionally_overflowed, arg);
++ pointer_set_destroy(visited);
++
++ if (newarg == NULL_TREE || !potentionally_overflowed)
++ return;
++
++ change_function_arg(stmt, arg, argnum, newarg);
++
++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, newarg);
++
++ type_max = build_int_cstu(unsigned_size_overflow_type, 0x7fffffff);
++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max);
++}
++
++static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl)
++{
++ tree p = TREE_VALUE(attr);
++ do {
++ handle_function_arg(stmt, fndecl, TREE_INT_CST_LOW(TREE_VALUE(p))-1);
++ p = TREE_CHAIN(p);
++ } while (p);
++}
++
++static void handle_function_by_hash(gimple stmt, tree fndecl)
++{
++ struct size_overflow_hash *hash;
++ expanded_location xloc;
++
++ hash = get_function_hash(fndecl);
++ xloc = expand_location(DECL_SOURCE_LOCATION(fndecl));
++
++ fndecl = get_original_function_decl(fndecl);
++ if (!hash->name || !hash->file)
++ return;
++ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file))
++ return;
++
++#define search_param(argnum) \
++ if (hash->param##argnum) \
++ handle_function_arg(stmt, fndecl, argnum - 1);
++
++ search_param(1);
++ search_param(2);
++ search_param(3);
++ search_param(4);
++ search_param(5);
++ search_param(6);
++ search_param(7);
++ search_param(8);
++ search_param(9);
++#undef search_param
++}
++
++static unsigned int handle_function(void)
++{
++ basic_block bb = ENTRY_BLOCK_PTR->next_bb;
++ int saved_last_basic_block = last_basic_block;
++
++ do {
++ gimple_stmt_iterator gsi;
++ basic_block next = bb->next_bb;
++
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++ tree fndecl, attr;
++ gimple stmt = gsi_stmt(gsi);
++
++ if (!(is_gimple_call(stmt)))
++ continue;
++ fndecl = gimple_call_fndecl(stmt);
++ if (fndecl == NULL_TREE)
++ continue;
++ if (gimple_call_num_args(stmt) == 0)
++ continue;
++ attr = lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(fndecl)));
++ if (!attr || !TREE_VALUE(attr))
++ handle_function_by_hash(stmt, fndecl);
++ else
++ handle_function_by_attribute(stmt, attr, fndecl);
++ gsi = gsi_for_stmt(stmt);
++ }
++ bb = next;
++ } while (bb && bb->index <= saved_last_basic_block);
++ return 0;
++}
++
++static struct gimple_opt_pass size_overflow_pass = {
++ .pass = {
++ .type = GIMPLE_PASS,
++ .name = "size_overflow",
++ .gate = NULL,
++ .execute = handle_function,
++ .sub = NULL,
++ .next = NULL,
++ .static_pass_number = 0,
++ .tv_id = TV_NONE,
++ .properties_required = PROP_cfg | PROP_referenced_vars,
++ .properties_provided = 0,
++ .properties_destroyed = 0,
++ .todo_flags_start = 0,
++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_cleanup_cfg | TODO_ggc_collect | TODO_verify_flow
++ }
++};
++
++static void start_unit_callback(void __unused *gcc_data, void __unused *user_data)
++{
++ tree fntype;
++
++ const_char_ptr_type_node = build_pointer_type(build_type_variant(char_type_node, 1, 0));
++
++ // void report_size_overflow(const char *loc_file, unsigned int loc_line, const char *current_func)
++ fntype = build_function_type_list(void_type_node,
++ const_char_ptr_type_node,
++ unsigned_type_node,
++ const_char_ptr_type_node,
++ NULL_TREE);
++ report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype);
++
++ TREE_PUBLIC(report_size_overflow_decl) = 1;
++ DECL_EXTERNAL(report_size_overflow_decl) = 1;
++ DECL_ARTIFICIAL(report_size_overflow_decl) = 1;
++}
++
++extern struct gimple_opt_pass pass_dce;
++
++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
++{
++ int i;
++ const char * const plugin_name = plugin_info->base_name;
++ const int argc = plugin_info->argc;
++ const struct plugin_argument * const argv = plugin_info->argv;
++ bool enable = true;
++
++ struct register_pass_info size_overflow_pass_info = {
++ .pass = &size_overflow_pass.pass,
++ .reference_pass_name = "ssa",
++ .ref_pass_instance_number = 1,
++ .pos_op = PASS_POS_INSERT_AFTER
++ };
++
++ if (!plugin_default_version_check(version, &gcc_version)) {
++ error(G_("incompatible gcc/plugin versions"));
++ return 1;
++ }
++
++ for (i = 0; i < argc; ++i) {
++ if (!(strcmp(argv[i].key, "no-size_overflow"))) {
++ enable = false;
++ continue;
++ }
++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
++ }
++
++ register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugin_info);
++ if (enable) {
++ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL);
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info);
++ }
++ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);
++
++ return 0;
++}
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
index 0000000..b87ec9d
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index 3b1bda6d40..b818bea037 100644
--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/i386 3.3.0 Kernel Configuration
+# Linux/i386 3.3.2 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -5284,6 +5284,7 @@ CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
# CONFIG_PAX_USERCOPY is not set
+# CONFIG_PAX_SIZE_OVERFLOW is not set
CONFIG_KEYS=y
CONFIG_TRUSTED_KEYS=m
CONFIG_ENCRYPTED_KEYS=m
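Review bot: The added `# CONFIG_PAX_SIZE_OVERFLOW is not set` line turns the new option off with no recorded reason, and the same line is added in the second hunk of kernelconfig.x86_64. The grsecurity patch updated in this commit carries the size_overflow GCC plugin, so with this setting none of its overflow checks are presumably compiled into the packaged kernel. That may be deliberate, for instance if the build toolchain lacks plugin support, but nothing visible here says so. Because the config file is marked as generated, the rationale belongs in the commit message or in a comment near `_config` in the APKBUILD, e.g. `# PAX_SIZE_OVERFLOW left off: <reason>; revisit once the build gcc supports plugins`. The neighbouring `# CONFIG_PAX_USERCOPY is not set` would benefit from the same kind of note.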
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index 70fd2d1a46..c30b9cb1d1 100644
--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 3.3.0 Kernel Configuration
+# Linux/x86_64 3.3.2 Kernel Configuration
#
CONFIG_64BIT=y
# CONFIG_X86_32 is not set
@@ -5256,6 +5256,7 @@ CONFIG_PAX_RANDMMAP=y
# CONFIG_PAX_MEMORY_STACKLEAK is not set
CONFIG_PAX_REFCOUNT=y
# CONFIG_PAX_USERCOPY is not set
+# CONFIG_PAX_SIZE_OVERFLOW is not set
CONFIG_KEYS=y
CONFIG_TRUSTED_KEYS=m
CONFIG_ENCRYPTED_KEYS=m